#ransomware

#ransomware

In the past year, the rapid democratization of AI has opened the door for a new class of haunting threats. Malware creation, once a domain requiring deep expertise and significant time, can now be automated in mere seconds. It's no longer about who has the most sophisticated tools, but who can leverage AI the fastest - and the current advantage favors the bad actors. It's like a haunted house gone wrong, and the monsters are in control.

In July, Microsoft fixed a flaw in its file sharing service SharePoint that was already being exploited by attackers. Later that month, Microsoft warned that hackers were making use of the zero-day to distribute ransomware, adding even more risk to the serious vulnerability. The SharePoint flaw is just one example of attackers becoming faster at exploiting vulnerabilities before they can be properly addressed by vendors and patched by organizations.

Typically, when ransomware gets into a Windows machine, it first scans the cached memory, registry keys, file paths, and running processes to see whether the system is already infected, running on a malware analyst's computer, or trying to run in the sandboxed environment of a virtualized machine. If it sees any of these signs, it gives up, but if not, the ransomware sends a message back to the cybercriminals' servers

In what officials described as a call to arms, national security officials and ministers are urging all organisations, from the smallest businesses to the largest employers, to draw up contingency plans for the eventuality that your IT infrastructure [is] crippled tomorrow and all your screens [go] blank. The NCSC, which is part of GCHQ, said highly sophisticated China, capable and irresponsible Russia, Iran and North Korea were the main state threats, in its annual review published on Tuesday.

Dozens of Orgs Impacted by Exploitation of Oracle EBS Flaw - Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, according to Google Threat Intelligence Group (GTIG) and Mandiant. The activity, which bears some hallmarks associated with the Cl0p ransomware crew, is assessed to have fashioned together multiple distinct vulnerabilities, including a zero-day flaw tracked as CVE-2025-61882 (CVSS score: 9.8), to breach target networks and exfiltrate sensitive data.

Salesforce Inc. told customers Tuesday that it won't pay a ransom demand from a hacker who claimed to have stolen a large amount of client data and threatened to publish it, according to an email seen by Bloomberg News. The company said in a security notification that it had received "credible threat intelligence" indicating that a hacking group, known as ShinyHunters, was planning to share information stolen during a security incident earlier in the year involving a number of its customers, according to the email.

In a very aggressive - and disgusting - attempt to extort a ransom payment from Kido, the criminals published profiles of 10 children, including photos, names, and home addresses, along with their parents' contact details and in some cases places of work, threatening to expose more if the ransom demand wasn't met. A new crime crew calling itself the Radiant Group claimed responsibility for the attack, and posted the preschool's name, along with its pupils' profiles, as the first leak on its dark web site. The ransomware gang later deleted the kids' and parents' data, apparently under pressure from other criminals - but not before some of the parents reported receiving threatening calls.

Ransomware attacks have loomed for years as an urgent digital threat with no easy solution -especially as they have evolved to include data grab-and-leak attacks that may not even involve data-encrypting malware at all. Traditional ransomware that locks up files and systems is still rampant, though, and Google on Tuesday launched a new defense for its Google Drive for desktop apps that aims to quickly detect ransomware activity and halt cloud syncing before an infection can spread.

The Windows variant now loads payloads via DLL reflection and employs aggressive anti-analysis packing; the Linux variant accepts command-line directives to tailor which directories and file types to hit; and the ESXi version is built to seize virtualization infrastructure by encrypting VMs. What's more, each encrypted file is stamped with a random 16-character extension, a move designed to make restoring your data even more of a nightmare.

The company said in an SEC filing that it became aware of the cybersecurity incident on September 19. The disclosure does not mention Collins Aerospace, the subsidiary that offers the impacted airport check-in and boarding solutions. RTX confirmed that customers have resorted to backup and manual processes, which has led to flights being delayed and cancelled. The company explained that ransomware was found on "systems that support its Multi-User System Environment (MUSE) passenger processing software," adding, "This software enables multiple airlines to share check-in and gate resources at airports, including baggage handling.

The 80th session of the United Nations General Assembly is in New York this week. One issue that's at the top of the agenda is connected to the war in Gaza. Several countries announced over the weekend that they will formally recognize a state of Palestine. Other US allies are doing the same this week. Also, from London to Brussels and Berlin, some of Europe's biggest airports are grappling with a ransomware attack that has caused delays and cancellations.