Tag RansomHub

🔍 Weekly Overview: Nation-State Cyber Attacks, Spyware Warnings, Deepfake Malware Threats, and Supply Chain Vulnerabilities

This week, cybersecurity experts reported a notable uptick in stealthy tactics employed by malicious actors, indicating that the real challenge may lie in identifying the threats that have already infiltrated systems rather than defending against external breaches. Attack methodologies increasingly leverage AI to manipulate public opinion, while malware masquerades within…

Read More🔍 Weekly Overview: Nation-State Cyber Attacks, Spyware Warnings, Deepfake Malware Threats, and Supply Chain Vulnerabilities

RansomHub Disappears on April 1; Affiliates Shift to Qilin as DragonForce Takes Over

April 30, 2025
Cybercrime / Threat Intelligence

Cybersecurity experts have reported that RansomHub’s online operations unexpectedly went offline on April 1, 2025, raising alarm among its affiliates in the ransomware-as-a-service (RaaS) ecosystem. According to Singaporean cybersecurity firm Group-IB, this disruption has likely led to affiliates migrating to Qilin, with evidence showing that disclosures on its data leak site have surged since February. RansomHub, which debuted in February 2024, has reportedly compromised data from over 200 victims. It quickly eclipsed prominent RaaS groups LockBit and BlackCat, attracting affiliates like Scattered Spider and Evil Corp with enticing profit-sharing models. “After potentially acquiring the web application and source code for Knight (formerly Cyclops), RansomHub swiftly gained traction in the ransomware landscape, leveraging a feature-rich multi-platform encryptor and a robust, affiliate-friendly approach…”

RansomHub Disappears from the Cyber Landscape; Affiliates Shift to Qilin While DragonForce Claims Leadership April 30, 2025 In a significant turn of events within the cybercriminal ecosystem, the ransomware-as-a-service (RaaS) operation known as RansomHub has unexpectedly gone offline as of April 1, 2025. This abrupt disappearance has raised alarms among…

Read More

RansomHub Disappears on April 1; Affiliates Shift to Qilin as DragonForce Takes Over

April 30, 2025
Cybercrime / Threat Intelligence

Cybersecurity experts have reported that RansomHub’s online operations unexpectedly went offline on April 1, 2025, raising alarm among its affiliates in the ransomware-as-a-service (RaaS) ecosystem. According to Singaporean cybersecurity firm Group-IB, this disruption has likely led to affiliates migrating to Qilin, with evidence showing that disclosures on its data leak site have surged since February. RansomHub, which debuted in February 2024, has reportedly compromised data from over 200 victims. It quickly eclipsed prominent RaaS groups LockBit and BlackCat, attracting affiliates like Scattered Spider and Evil Corp with enticing profit-sharing models. “After potentially acquiring the web application and source code for Knight (formerly Cyclops), RansomHub swiftly gained traction in the ransomware landscape, leveraging a feature-rich multi-platform encryptor and a robust, affiliate-friendly approach…”

Manpower Data Breach Affects 144K as Workday Confirms Third-Party CRM Hack

A cyberattack on Manpower’s Michigan office has compromised the data of 144,000 individuals, while Workday faces a data breach linked to a broader social engineering scheme. These incidents underscore the escalating risks posed by cyber threats. Recently, two significant organizations—global staffing agency Manpower and software provider Workday—have reported separate cyberattacks…

Read MoreManpower Data Breach Affects 144K as Workday Confirms Third-Party CRM Hack

Qilin Ransomware Introduces “Call Lawyer” Feature to Increase Pressure on Victims for Higher Ransoms

June 20, 2025
Ransomware / Cybercrime

The operators of the Qilin ransomware-as-a-service (RaaS) platform have unveiled a new “Call Lawyer” feature intended to pressure victims into paying larger ransoms. This strategic move comes as the group ramps up its activities to capitalize on the decline of competing cybercriminals. According to Israeli cybersecurity firm Cybereason, this feature is integrated into the affiliate panel, allowing affiliates to present legal counsel offers to victims.

This development marks a resurgence in Qilin’s operations at a time when other once-dominant ransomware factions, such as LockBit, Black Cat, and others, have faced sudden shutdowns and operational issues. Active since October 2022 and also known as Gold Feather and Water Galura, Qilin has emerged as a significant player in the ransomware landscape.

Data from dark web leak sites reveals that Qilin was responsible for 72 attacks in April 2025 and an estimated 55 in May, placing it behind only Safepay (72) and Luna Moth (67) in activity.

Qilin Ransomware Introduces “Call Lawyer” Feature to Boost Pressure on Victims June 20, 2025 In a notable shift within the landscape of ransomware attacks, the Qilin ransomware-as-a-service (RaaS) group has recently added a new feature aimed at compelling victims to comply with ransom demands. The “Call Lawyer” functionality, as reported…

Read More

Qilin Ransomware Introduces “Call Lawyer” Feature to Increase Pressure on Victims for Higher Ransoms

June 20, 2025
Ransomware / Cybercrime

The operators of the Qilin ransomware-as-a-service (RaaS) platform have unveiled a new “Call Lawyer” feature intended to pressure victims into paying larger ransoms. This strategic move comes as the group ramps up its activities to capitalize on the decline of competing cybercriminals. According to Israeli cybersecurity firm Cybereason, this feature is integrated into the affiliate panel, allowing affiliates to present legal counsel offers to victims.

This development marks a resurgence in Qilin’s operations at a time when other once-dominant ransomware factions, such as LockBit, Black Cat, and others, have faced sudden shutdowns and operational issues. Active since October 2022 and also known as Gold Feather and Water Galura, Qilin has emerged as a significant player in the ransomware landscape.

Data from dark web leak sites reveals that Qilin was responsible for 72 attacks in April 2025 and an estimated 55 in May, placing it behind only Safepay (72) and Luna Moth (67) in activity.

Scattered Spider Takes Advantage of VMware vSphere

Fraud Management & Cybercrime, Social Engineering Hacking Tactics Linked to Retail and Airline Breaches Akshaya Asokan (asokan_akshaya) • July 25, 2025 Image: Shutterstock A group of adolescent cybercriminals known as Scattered Spider has recently targeted VMware hypervisors, successfully infiltrating corporate environments through Active Directory. This emerging threat landscape has led…

Read MoreScattered Spider Takes Advantage of VMware vSphere

Another Medical Practice Shuts Down Following Cyberattack

Business Continuity Management / Disaster Recovery, Cryptocurrency Fraud, Fraud Management & Cybercrime Alpha Wellness Announces Permanent Closure Following ‘Devastating’ Cyberattack Marianne Kolbasuk McGee (HealthInfoSec) • July 22, 2025 Image: Alpha Medical Centre A small medical provider in Georgia, Ascension Health Services LLC, operating as Alpha Wellness and Alpha Medical Centre,…

Read MoreAnother Medical Practice Shuts Down Following Cyberattack

British Police Dismantle Spider Silk Operation, Arresting Four Suspects in England

Cybercrime, Fraud Management & Cybercrime, Geo Focus: The United Kingdom Arrests Made in Connection with April Ransomware Strikes Against M&S, Co-Op, and Harrods Mathew J. Schwartz (euroinfosec) • July 10, 2025 Image: Andy Sutherland/Shutterstock British authorities have apprehended four individuals linked to a series of high-profile cybersecurity incidents affecting top-tier…

Read MoreBritish Police Dismantle Spider Silk Operation, Arresting Four Suspects in England

Honor Among Thieves: The M&S Hacking Group Sparks Turf War

Cybercriminal Landscape Shifting as DragonForce Targets RansomHub Affiliates Recent developments in the cybercrime realm have emerged, with the hacking group DragonForce reportedly targeting affiliates of RansomHub in a move that raises concerns over the stability within the ransomware ecosystem. Genevieve Stark, head of cybercrime analysis at Google Threat Intelligence Group,…

Read MoreHonor Among Thieves: The M&S Hacking Group Sparks Turf War