#ransomware

#ransomware

Ransomware gangs, especially those with ransomware-as-a-service (RaaS) programs, frequently produce new builds of their encryptors, and ensuring that each new build is reliably undetected can be time-consuming. More importantly, encryptors are inherently very noisy (as they inherently need to modify a large number of files in a short period); making such malware undetected is rather challenging.

Whole Foods shelves sit empty after a data breach shut down its wholesale distributor. Meat packers working for JBS Foods are paralyzed as an $11 million ransomware attack takes out their processing facilities. Some 2.2 million workers at Stop & Shop and Hannaford have their personal data exposed as the result of a cyberattack on parent company Ahold Delhaize USA. These scenarios, straight from a William Gibson novel, are becoming increasingly common in supply chains across the world.

A 47-year-old man arrested by police in Poland for allegedly being involved in cybercriminal activities has been linked to the Phobos ransomware operation. According to Poland's Central Cybercrime Bureau, officers found hacking tools, credentials, payment card numbers, and server IP addresses on the unnamed suspect's devices during a search. They also discovered that the suspect had exchanged messages with the Phobos ransomware group.

That changed last week when the US Department of Justice published a sentencing memorandum [PDF] that frames Williams' conduct as a betrayal of his employer and the US government, and the cause of significant harm to US national security. Williams "made it possible for the Russian Broker to arm its clients with powerful cyber exploits that could be used against any manner of victim, civilian or military around the world," the DoJ said.

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection and Response (EDR) solutions so that malicious activities go unnoticed. The strategy has been adopted by many ransomware groups over the years.

To be clear, ransomware isn't going anywhere, and adversaries continue to innovate. But the data shows a clear strategic pivot away from loud, destructive attacks toward techniques designed to evade detection, persist inside environments, and quietly exploit identity and trusted infrastructure. Rather than breaking in and burning systems down, today's attackers increasingly behave like Digital Parasites. They live inside the host, feed on credentials and services, and remain undetected for as long as possible.

In its annual Red Report, a body of research that analyzes real-world attacker techniques using large-scale attack simulation data, Picus Labs warns cybersecurity professionals that threat actors are rapidly shifting away from ransomware encryption to parasitic "sleeperware" extortion as their means to loot organizations for millions of dollars per attack. Released today and now in its sixth year, the 278-page Red Report gets its name from Picus-organized cybersecurity exercises that take the perspective of the attacker's team, otherwise known as the "red team."

A coding error, possibly introduced thanks to over-reliance on artificial intelligence (AI) vibe coding tools, has rendered an emergent strain of ransomware an acutely dangerous threat, according to researchers at Halcyon's Ransomware Research Center (RRC). The Sicarii ransomware-as-a-service (RaaS) operation emerged from the cyber criminal underground in December 2025, when it started advertising for affiliates on the dark web.

OCR continues to execute its enforcement mission under its statutory and regulatory authorities regarding civil rights, exercise of conscience, and health information privacy and security, and breach notification. OCR continues to investigate complaints filed, to conduct compliance reviews, and to review breaches of unsecured protected health information. OCR will be responsive to the HIPAA trends and compliance issues within OCR's jurisdiction that are affecting the public and the regulated industry.

Midway through a decade that is coming to be defined by the runaway acceleration of technological change, the threat of ransomware attacks seems to be dropping down the agenda in boardrooms around the world, with C-suite executives more concerned about growing risks arising from artificial intelligence (AI) vulnerabilities, cyber-enabled fraud and phishing attacks, disruption to supply chains, and exploitation of software vulnerabilities.

Trackers keeping an eye on ransomware leak sites logged more than 8,000 claimed victims worldwide in 2025, a rise of more than 50 percent compared to 2023. The counts come from outfits watching dark web shaming pages such as Ransomware.live and RansomLook.io, so they only include cases where crooks decided to post receipts. Plenty of victims, Emsisoft says, will have paid up, recovered, or kept quiet without ever appearing on a leak site.

Manage My Health, a portal enabling connection between individuals and their healthcare providers, experienced a cyberattack identified on Dec. 30. The New Zealand-based organization published a statement to its website the following day, and as of Jan. 5, has continued to post subsequent updates as information has come available. Following the forensic investigations, the organization believes around 7% of 1.8 million registered patients may have been impacted.

The National Crime Agency's (NCA) Gavin Webb was among the names on the King's most recent New Year Honours list for 2026. Webb was given an Officer of the Order of the British Empire (OBE) award.