In a recent law enforcement operation, the Federal Bureau of Investigation (FBI) dismantled the notorious cyber-criminal forum known as the Russian Anonymous Marketplace (RAMP), a platform favored by ransomware actors and initial access brokers. This takedown represents a significant disruption in the cybercrime landscape, particularly for Russian-speaking cybercriminals. The news of RAMP's disarray emerged in late January 2026, when several cyber threat intelligence (CTI) analysts observed tha
ransomware (402)
According to a recent report by Check Point Software, the number of publicly disclosed ransomware incidents increased approximately 60% year over year as of December. In fact, there were nearly 1,000 reported incidents in December alone. This marks a clear increase in the consistency and scale of ransomware growth.
A potential contributor to this increase is the fact that ransomware is becoming more and more of an industrialized business model. Ransomware as a service (RaaS) ecosystems allow
Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks that occurred in 2023. Court records show that Ryan Goldberg, Kevin Martin, and a co-conspirator deployed ALPHV BlackCat ransomware against US victims from April to December 2023, sharing 20% of the ransoms with the operators. Despite working in cybersecurity, they extorted about $1.2M in Bitcoin from one victim, split the proceeds, and laundere
Ransomware is no longer a niche threat. It shows up across industries, company sizes, and geographies, but some groups remain far more exposed than others. Ransomware appeared in 44% of breaches analyzed in Verizon’s 2025 DBIR executive summary, up from 32% the previous year. This sharp rise confirms ransomware’s growing role as a primary breach driver rather than a secondary payload.[1]
Ransomware was a component of 39% of breaches in larger organizations, showing that even mature security pr
CyberVolk is a pro-Russia hacktivist persona Sentinel Labs first documented in late 2024, and it has been tracked using multiple ransomware tools to conduct attacks aligned with Russian government interests. After seemingly lying dormant for most of 2025 due to Telegram enforcement actions, the group returned in August 2025 with a new RaaS offering called VolkLocker (aka CyberVolk 2.x).
Below, researchers examine the functionality of VolkLocker, including its Telegram-based automation, encrypti
SentinelLABS has been researching how large language models (LLMs) are impacting cybersecurity for both defenders and adversaries. As part of our ongoing efforts in this area and our well-established research and tracking of crimeware actors, researchers have been closely following the adoption of LLM technology among ransomware operators. Analysts have observed that three structural shifts appear to be unfolding in parallel.
First, the barriers to entry continue to fall for those intent on cy
Marquis Software Solutions is notifying banks and credit unions of a ransomware attack that leaked their customer data. The Texas-based digital and physical marketing firm learned of the ransomware cyber-attack on 14 August 2025, after detecting suspicious activity on its network. It responded by launching an investigation and notifying law enforcement. The probe determined that the threat actor breached its SonicWall firewall to gain initial access.[1]
After gaining access, the attackers exf
The automobile dealership sector continues to evolve digitally with connected vehicles, cloud-based dealership management systems (DMS), online financing, and electronic sales workflows. But the newly released CDK State of Dealership Cybersecurity 2025 report shows a sector still struggling to keep pace with threat actors who increasingly target these high-value, high-data retail environments. Despite gains in awareness and investment, dealerships face widening gaps in employee readiness, thir
The cyber threat landscape is constantly evolving, but few threats demand immediate, sector-wide attention like the latest joint advisory on the Akira ransomware. The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and international partners recently issued a crucial advisory (AA24-109A) detailing the tactics, techniques, and procedures (TTPs) of the Akira ransomware group. Their accompanying press release highlighted the need for decisi
Security solutions firm Sophos has released its fifth annual Sophos State of Ransomware in Retail report. The report, which surveyed IT and cybersecurity leaders across 16 countries, reveals alarming trends in ransomware incidents affecting the retail sector. The report highlights that nearly half (46%) of retail ransomware incidents were traced back to an unknown security gap, indicating significant visibility challenges within the retail attack surface.[1]
Among organizations that experience
In the lead-up to Black Friday and Cyber Monday 2025, the retail sector in the US is facing a significant increase in cyber-attacks targeting both online and brick-and-mortar businesses. Threat actors have been leveraging sophisticated phishing campaigns, malicious websites masquerading as legitimate retailers, and ransomware attacks timed to disrupt critical sales periods. According to recent industry reports, cybercriminals are exploiting the surge in online shopping traffic by deploying
The Russian government's relationship with its cybercriminal ecosystem has transitioned from passive tolerance to active state management, marking a strategic shift. This report, covering 2024–2025, details the "Dark Covenant 3.0," characterized by selective enforcement, choreographed arrests, and direct coordination between criminal leaders and Russian intelligence intermediaries.
Insikt Group found that Russia leverages these criminal groups as geopolitical tools, with detentions and releases
The cybersecurity community is spinning from a disturbing indictment that underscores a frightening new dimension of insider risk and supply chain betrayal. The US Department of Justice (DOJ) has unsealed charges against two former employees of a US-based cybersecurity firm, accusing them of a stunning conflict of interest: allegedly launching the very ransomware attacks they were hired to help victims recover from.[1]
As reported by TechCrunch and BleepingComputer, the individuals are charged
Ransomware infections usually come from malicious hackers. But in a rarity, a string of attacks was sourced to a pair of cybersecurity employees out to extort millions from victims. Kevin Tyler Martin, a ransomware threat negotiator at cybersecurity provider DigitalMint, and Ryan Clifford Goldberg from Sygnia Cybersecurity Services, are allegedly behind the scheme, according to the Chicago Sun-Times.
A 12-page court document shows a federal grand jury indicted Goldberg and Martin last month fo
South Africa has seen increases in social upheaval and other political struggles. Cyber-attacks are an additional concern for South Africans to worry about. South Africa has experienced 110 cybercrime incidents involving extortion, ransomware, and state hacking in the past five years, according to Orange Cyberdefense’s inaugural Security Navigator Africa report. This is the highest number in Africa and more than double that of Egypt, which ranked second with 46 incidents between 2020 and
Companies should improve the resilience of their software supply chains against ransomware, according to guidance the International Counter Ransomware Initiative (CRI) published recently after its fifth annual summit in Singapore. The new guidance, developed by the United Kingdom and Singapore as the CRI’s policy leads, aims to raise awareness of the ransomware threat across supply chains, as well as promote good cyber hygiene that will see supply chain vulnerabilities factored into organizatio