Ransomware attacks have loomed for years as an urgent digital threat with no easy solution - especially as they have evolved to include data grab-and-leak attacks that may not even involve data-encrypting malware at all. Traditional ransomware that locks up files and systems is still rampant, though, and Google on Tuesday launched a new defense for its Google Drive for desktop apps that aims to quickly detect ransomware activity and halt cloud syncing before an infection can spread.
The Windows variant now loads payloads via DLL reflection and employs aggressive anti-analysis packing; the Linux variant accepts command-line directives to tailor which directories and file types to hit; and the ESXi version is built to seize virtualization infrastructure by encrypting VMs. What's more, each encrypted file is stamped with a random 16-character extension, a move designed to make restoring your data even more of a nightmare.
The company said in an SEC filing that it became aware of the cybersecurity incident on September 19. The disclosure does not mention Collins Aerospace, the subsidiary that offers the impacted airport check-in and boarding solutions. RTX confirmed that customers have resorted to backup and manual processes, which has led to flights being delayed and cancelled. The company explained that ransomware was found on "systems that support its Multi-User System Environment (MUSE) passenger processing software," adding, "This software enables multiple airlines to share check-in and gate resources at airports, including baggage handling."
The 80th session of the United Nations General Assembly is in New York this week. One issue that's at the top of the agenda is connected to the war in Gaza. Several countries announced over the weekend that they will formally recognize a state of Palestine. Other US allies are doing the same this week. Also, from London to Brussels and Berlin, some of Europe's biggest airports are grappling with a ransomware attack that has caused delays and cancellations.
A cyberattack that has caused major airport disruptions in the United Kingdom, Germany and Belgium was caused by ransomware, the European Union Agency for Cybersecurity (ENISA) says. In a statement on Monday, ENISA said law enforcement was involved to investigate the software that holds data until those targeted pay to have their access back.
In a report examining the malicious use of LLMs, the cybersecurity company said AI models are being increasingly used by threat actors for operational support, as well as for embedding them into their tools - an emerging category called LLM-embedded malware that's exemplified by the appearance of LAMEHUG (aka PROMPTSTEAL) and PromptLock. This includes the discovery of a previously reported Windows executable called MalTerminal that uses OpenAI GPT-4 to dynamically generate ransomware code or a reverse shell.
On January 23, 2025, the BianLian ransomware gang added the Medical Associates of Brevard ("MAB") to its dark web leak site. At the time, they listed the types of data they claimed to have acquired, but did not provide any screenshots or proof of claims. Months later, BianLian went offline. What happened to any data they may have exfiltrated is not currently known to DataBreaches, but on September 5, 2025, MAB notified HHS that 246,711 patients were affected by the incident.
The era where two or three RaaS operators controlled the majority of incidents appears to be over - at least for now. The distinction between initial access brokers, affiliates and core operators has become increasingly blurred.
The Uvalde Consolidated Independent School District will close for most of next week after the district detected ransomware in its servers, according to district officials. The district will close from Sept. 15-18 and will exchange the dates it is closed with other previously scheduled non-working days integrated into the current UCISD calendar. The ransomware detected by the district is affecting several essential online systems, including phones, thermostats, camera monitoring and visitor management systems, among critical services, the district said.
The biggest cyber risk to schools is our kids. Everyone talks about protecting grandma, but the reality is younger generations are the ones getting scammed the most. Gen Z in particular is impatient, naive, and easy to trick. Scam texts and calls bombard them every day, and they have not yet learned to pause and question what they are seeing.
In some instances, these attacks resulted in the complete disruption of business operations until encrypted data could be recovered or restored. This prosecution and today's rewards announcement reflect our determination to protect businesses from digital sabotage and extortion and to relentlessly pursue the criminals responsible, no matter where they are located.
Wednesday's management advisory memorandum from VA's Office of Inspector General reviewed how the agency and Oracle Health were following interface testing procedures at the Captain James A. Lovell Federal Health Care Center in North Chicago, Illinois. VA and the Department of Defense officially announced the launch of the new EHR system at the Chicago medical center in March 2024. VA's software is designed to be interoperable with the Pentagon's similar Oracle Health system.
JLR was attacked earlier, too. In March 2025, JLR was targeted by the HELLCAT ransomware group, which compromised Atlassian Jira credentials to steal hundreds of gigabytes of sensitive data. This new attack, leading to the systematic shutdown of production facilities and retail systems, suggests either a ransomware attack or a significant system compromise. Clearly, JLR needs to immediately implement capabilities to prevent lateral movement that attackers resort to after an initial breach, among other cybersecurity controls.
Ianis Aleksandrovich Antropenko exemplifies the profile of a modern cybercriminal, yet, unlike many others who have faced strict prosecution for similar offenses, the Justice Department has granted him liberties rarely extended to such suspects. The 36-year-old Russian national was arrested almost a year ago in California for his alleged involvement in multiple ransomware attacks from at least May 2018 to August 2022.
"Agentic AI has been weaponized," the company said in a . "AI models are now being used to perform sophisticated cyber attacks, not just advise on how to carry them out."
Anthropic reported last week that a hacker used its technology for an AI-fueled crime spree involving large-scale ransomware attacks. The attacker used the Claude chatbot for recon, code generation, credential theft, infiltration, and ransom notes against 17 organizations, including healthcare providers, government agencies, religious charities, and a defense contractor. The AI even helpfully proposed ransom amounts, ranging from $75,000 to $500,000 in Bitcoin. This marks the first known case where AI choreographed an entire extortion scheme, automating nearly every step.