ShinyHunters Demands $1.5M Ransom
Read More: buff.ly/R6dAwCB

#ShinyHunters #RansomDemand #DataExtortion #EmployeeData #CyberCrime #BitcoinRansom #BreachAlert #Infosec

ShinyHunters Expands Scope of SaaS Extortion Attacks Following its Salesforce attacks last year, the cybercrime group has broadened its targeting and gotten more aggressive with extortion tactics.

ShinyHunters is expanding SaaS extortion — shifting from breaches to pressure campaigns across cloud apps. When data is everywhere, leverage is too. ☁️💣 #DataExtortion #SaaSSecurity

Exposed MongoDB instances still targeted in data extortion attack detected more than 208,500 publicly exposed MongoDB servers read more about Exposed MongoDB instances still targeted in data extortion attack

Exposed MongoDB instances still targeted in data extortion attacks reconbee.com/exposed-mong...

#MongoDB #dataextortion #data #cyberattacks

Nike investigates data breach after extortion gang leaks files Nike is investigating what it described as a "potential cyber security incident" after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant.

Nike investigates a data breach after an extortion gang leaks internal files — brand power doesn’t stop data pressure. Extortion, not encryption, is now the leverage. 👟🔓 #DataExtortion #Breach

Waltio Faces Ransom Threat From Hackers
Read More: buff.ly/1X0LiaE

#Ransomware #ShinyHunters #CryptoSecurity #DataExtortion #PrivacyRisk #CyberCrime #Infosec #FinTechSecurity #BreachAlert

Hackers threaten to release ‘exact’ details of unreleased Apple products
Read More: buff.ly/ZxstnyN

#Ransomware #SupplyChainSecurity #AppleSecurity #IPTheft #ManufacturingCyber #RansomHub #DataExtortion

Everest Ransomware Claims McDonalds Breach
Read More: buff.ly/l77T2GY

#Ransomware #EverestRansomware #DataExtortion #McDonalds #DataLeak #CyberCrime #BreachAlert #InfosecNews

Target Dev Server Offline After Hack
Read More: buff.ly/9lAkaT2

#TargetBreach #SourceCodeLeak #DevSecOps #GitSecurity #RepoExposure #SupplyChainRisk #CorporateEspionage #IncidentResponse #DataExtortion

Sedgwick Discloses Ransomware Breach
Read More: buff.ly/ICBJ3qs

#SedgwickBreach #RansomwareAttack #FederalContractor #DataExtortion #CyberIncident #ThirdPartyRisk #InfosecNews

Clop Hits CentreStack Servers
Read More: buff.ly/oaY3MkH

#ClopRansomware #CentreStack #Gladinet #RansomwareCampaign #DataExtortion #FileServerSecurity #ActiveExploitation #ThreatIntel #CyberCrime

RansomHouse Develops More Complex Encryption for Recent Attacks   The ransomware group known as RansomHouse has recently enhanced the encryption mechanism used in its attacks, moving away from a basic, single-step process to a more advanced, multi-layered approach. This change reflects a deliberate effort to strengthen the effectiveness of its ransomware operations. Earlier versions of the encryptor relied on a linear method, where data was transformed in one continuous pass. The updated version introduces multiple stages of processing, which results in stronger encryption, improved execution speed, and greater stability across modern systems. These improvements increase the pressure on victims by making encrypted data harder to recover and negotiations more favorable for attackers after systems are locked. RansomHouse first appeared in late 2021 as a cybercrime group focused on data extortion, where stolen information was used as leverage rather than encryption alone. Over time, the group expanded its tactics and began deploying ransomware encryptors during attacks. It also developed an automated tool, known as MrAgent, designed to simultaneously encrypt multiple VMware ESXi hypervisors, a technique that allows attackers to disrupt large virtualized environments efficiently. In more recent activity, security analysts observed RansomHouse using more than one ransomware strain during attacks on a major Japanese e-commerce company. This suggests a flexible operational strategy rather than reliance on a single malware family. Further insight into the group’s evolving capabilities comes from a new analysis by cybersecurity researchers, who examined RansomHouse’s latest encryptor, internally referred to as “Mario.” This version introduces a two-stage data transformation process that relies on two different encryption keys: one substantially longer than the other. Using multiple keys increases the randomness of the encrypted output, making partial file recovery or reconstruction far more challenging. The updated encryptor also changes how files are handled during the encryption process. Instead of treating all files the same way, it adjusts its behavior based on file size. Large files are processed in dynamically sized chunks, with encryption applied intermittently rather than continuously. This irregular pattern makes the malware harder to analyze because it avoids predictable processing behavior. Researchers also noted improvements in how the encryptor manages memory. The newer version separates tasks across multiple buffers, with each buffer assigned a specific role during encryption. This design increases operational complexity and reduces inefficiencies found in earlier variants. Another visible change is the amount of internal information displayed during file processing. Unlike older versions, which only indicated when encryption was complete, the new encryptor provides more detailed status output as it operates. Despite these changes, the ransomware continues to focus on virtual machine-related files, renaming encrypted data with a new extension and placing ransom instructions across affected directories. Security researchers caution that these upgrades indicate a troubling direction in ransomware development. While RansomHouse does not carry out attacks at the scale of larger ransomware groups, its continued investment in advanced encryption techniques points to a strategy centered on precision, resilience, and evasion rather than volume.

RansomHouse Develops More Complex Encryption for Recent Attacks #CyberCrime #DataExtortion #Encryption

Akira Ramps up Ransomware Activity With New Variant And More Aggressive Intrusion Methods   Akira, one of the most active ransomware operations this year, has expanded its capabilities and increased the scale of its attacks, according to new threat intelligence shared by global security agencies. The group’s operators have upgraded their ransomware toolkit, continued to target a broad range of sectors, and sharply increased the financial impact of their attacks. Data collected from public extortion portals shows that by the end of September 2025 the group had claimed roughly 244.17 million dollars in ransom proceeds. Analysts note that this figure represents a steep rise compared to estimates released in early 2024. Current tracking data places Akira second in overall activity among hundreds of monitored ransomware groups, with more than 620 victim organisations listed this year. The growing number of incidents has prompted an updated joint advisory from international cyber authorities. The latest report outlines newly observed techniques, warns of the group’s expanded targeting, and urges all organisations to review their defensive posture. Researchers confirm that Akira has introduced a new ransomware strain, commonly referenced as Akira v2. This version is designed to encrypt files at higher speeds and make data recovery significantly harder. Systems affected by the new variant often show one of several extensions, which include akira, powerranges, akiranew, and aki. Victims typically find ransom instructions stored as text files in both the main system directory and user folders. Investigations show that Akira actors gain entry through several familiar but effective routes. These include exploiting security gaps in edge devices and backup servers, taking advantage of authentication bypass and scripting flaws, and using buffer overflow vulnerabilities to run malicious code. Stolen or brute forced credentials remain a common factor, especially when multi factor authentication is disabled. Once inside a network, the attackers quickly establish long-term access. They generate new domain accounts, including administrative profiles, and have repeatedly created an account named itadm during intrusions. The group also uses legitimate system tools to explore networks and identify sensitive assets. This includes commands used for domain discovery and open-source frameworks designed for remote execution. In many cases, the attackers uninstall endpoint detection products, change firewall rules, and disable antivirus tools to remain unnoticed. The group has also expanded its focus to virtual and cloud based environments. Security teams recently observed the encryption of virtual machine disk files on Nutanix AHV, in addition to previous activity on VMware ESXi and Hyper-V platforms. In one incident, operators temporarily powered down a domain controller to copy protected virtual disk files and load them onto a new virtual machine, allowing them to access privileged credentials. Command and control activity is often routed through encrypted tunnels, and recent intrusions show the use of tunnelling services to mask traffic. Authorities warn that data theft can occur within hours of initial access. Security agencies stress that the most effective defence remains prompt patching of known exploited vulnerabilities, enforcing multi factor authentication on all remote services, monitoring for unusual account creation, and ensuring that backup systems are fully secured and tested.

Akira Ramps up Ransomware Activity With New Variant And More Aggressive Intrusion Methods #Akira #CyberSecurity #DataExtortion

Europe Sees Increase in Ransomware, Extortion Attacks European organizations face an escalating cyber threat landscape as attackers leverage geopolitical tensions and AI-enhanced social engineering.

Ransomware extortion is surging across Europe — where stolen data, not encryption, is now the weapon of choice. 💶💣 #Ransomware #DataExtortion

Cybercrime's new powerhouse: Scattered Spider, LAPSUS$, and ShinyHunters unite as Scattered LAPSUS$ Hunters, intensifying data extortion and targeting Salesforce users. #CyberSecurity #DataExtortion #Salesforce Link: thedailytechfeed.com/cybercrime-g...

⚠️ Salesforce rejects ransom demand after data extortion

#Salesforce says it will not negotiate with or pay extortionists claiming they stole data from its customers.

ScatteredLapsus$Hunters target client systems, not the core Salesforce platform.

#ransomNews #dataextortion #cloudsecurity

🚨 Hackers extort Salesforce after mass customer data theft

SSLSH breached #Salesforce by exploiting permissions flaws, stole customer data from dozens of clients, and is now extorting both Salesforce and affected customers.

#ransomNews #SalesforceHack #DataExtortion

Hunters International's Shift to Data Extortion: A New Era in Cybercrime | The DefendOps Diaries Explore Hunters International's shift from ransomware to data extortion, highlighting new cybercrime trends and tactics.

Hunters International just reinvented itself as "World Leaks" – switching from ransomware to a full-blown data extortion play. Could your sensitive info be next? Read the surprising shift in cybercrime tactics.

#dataextortion
#cybercrime
#huntersinternational
#cybersecuritytrends
#databreach