Ransomware
Malicious software used in ransom demands
Follow Ransomware on Notably News to receive short updates to your email — rarely!
We include updates on LockBit, Park Jin Hyok, CryptoLocker, British Library cyberattack, REvil, Rensenware, Denis Periša, TeslaCrypt, PGPCoder, Linux.Encoder, KeRanger, Dridex, CryptMix, Locky, LogicLocker, Vice Society ... and more.
| 2025 |
LockBit
Israeli developer Rostislav Panev was extradited to the United States for participating in the development of LockBit ransomware, three months after being charged with cybercrime.
|
| 2024 |
British Library cyberattack
Around 20,000 writers, illustrators, and translators experienced delays in their Public Lending Right payments due to the cyberattack.
|
| 2024 | Ransomware payments sharply dropped to $813 million, attributed to victim non-payment and law enforcement actions. |
| December 2024 | Targeted the Pembina Trails School Division with a cyber incident. |
| November 2024 | Targeted Rutherford County Schools in Tennessee with a cyberattack, likely involving data breach or ransomware. |
| August 2024 | Conducted a cyberattack on Seattle-Tacoma International Airport, compromising its digital systems. |
| August 5 2024 |
2024 cyberattack on Kadokawa and Niconico
Niconico and Kadokawa's official website services were restored and went back online.
|
| July 2024 | Attacked the City of Columbus, Ohio, releasing over 3 TB of data on the dark web after attempting to extort $1.7M (30 Bitcoin) from the city. |
| July 30 2024 |
British Library cyberattack
Library announces plans to restore remote ordering of physical media by September 2024, incrementally re-release digital manuscripts, and restore educational websites and digital academic journals before the 2024–25 academic year.
|
| July 10 2024 |
2024 cyberattack on Kadokawa and Niconico
Kadokawa released a public statement warning that legal action would be taken against anyone disseminating leaked information from the data breach.
|
| June 2024 |
LockBit
LockBit claimed responsibility for a major breach of Evolve Bank & Trust, threatening to leak data from the bank and its financial technology partners, including Stripe, Mercury, Affirm, and Airwallex.
|
| June 2024 |
LockBit
Attacked the University Hospital Center in Zagreb, Croatia, causing significant disruption and claiming to have exfiltrated medical records and employee information. The Croatian government refused their demands.
|
| June 27 2024 |
2024 cyberattack on Kadokawa and Niconico
Russian-linked hacker group 'BlackSuit' claimed responsibility for the attack on the dark web, threatening to publish 1.5 terabytes of stolen business partner and user data unless a ransom was paid by July 1.
|
| June 14 2024 |
2024 cyberattack on Kadokawa and Niconico
Kadokawa confirmed the outage was caused by a ransomware cyberattack. Attackers were observed restarting servers to spread malware, prompting Kadokawa to physically disconnect server power and communication cables. Niconico simultaneously set up a temporary website detailing the situation.
|
| June 9 2024 |
2024 cyberattack on Kadokawa and Niconico
Kadokawa reported the cyberattack incident to the police, expert specialists, and the Kanto Local Finance Bureau.
|
| June 8 2024 |
2024 cyberattack on Kadokawa and Niconico
Connection problems reported with Kadokawa Group services including Niconico starting around 3:30 JST. Dwango stopped all Niconico services around 6:00 JST and initiated maintenance.
|
| June 8 2024 |
2024 cyberattack on Kadokawa and Niconico
A ransomware cyberattack by the Russian-linked hacker group BlackSuit targeted Kadokawa's website and the Japanese video-sharing platform Niconico, occurring on the morning of the day.
|
| June 5 2024 |
2024 cyberattack on Kadokawa and Niconico
Wired published an analysis stating that ransomware attacks are 'accelerating in 2024', contextualizing the Kadokawa-Niconico cyberattack within a broader trend of increasing cyber threats.
|
| June 3 2024 |
2024 cyberattack on Kadokawa and Niconico
Kadokawa Taiwan reported a significant cyberattack resulting in the leak of personal and corporate information, highlighting vulnerabilities in the organization's cybersecurity infrastructure.
|
| June 2 2024 |
2024 cyberattack on Kadokawa and Niconico
Japanese Prime Minister Fumio Kishida ordered his minister to develop a bill aimed at enhancing Japan's 'active cyber defense', one day before the Kadokawa Taiwan cyberattack.
|
| May 2024 | BlackCat (ALPHV) cyber gang conducted a ransomware attack on the servers and endpoint devices of Hong Kong's Consumer Council, as reported by The Standard (Hong Kong). |
| May 2024 |
Health Service Executive ransomware attack
473 legal actions were reported against the Health Service Executive (HSE) in relation to the ransomware attack, with the State Claims Agency managing 12 personal injury cases primarily focused on the psychological impact of the cyber incident.
|
| May 23 2024 |
LockBit
Attacked London Drugs, forcing closure of all Canadian locations, and demanded $25 million ransom. After the company refused, LockBit leaked data and the company offered identity theft protection to affected employees.
|
| May 21 2024 |
LockBit
LockBit claimed responsibility for a cyberattack on London Drugs, demanding $25 million ransom. The attack had previously caused nationwide store closures from April 28 to May 7.
|
| May 7 2024 |
LockBit
Charges and sanctions were announced against Dmitry Khoroshev, alleged administrator and developer of LockBit.
|
| May 1 2024 |
REvil
Yaroslav Vasinskyi was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution after pleading guilty to cybercrime and money laundering charges.
|
| April 2024 |
Akira
By April 2024, Akira ransomware was estimated to have earned approximately $42 million from its ransomware-as-a-service operations since its inception.
|
| March 2024 | A representative for BlackCat announced the group was shutting down in the aftermath of the Change Healthcare ransomware attack. |
| March 8 2024 |
British Library cyberattack
Roly Keating publishes a blog post announcing a comprehensive report about the cyberattack and introducing a 'Rebuild & Renew' scheme to improve future incident response, including a shift towards cloud technologies.
|
| February 2024 |
Dridex
LockBit, an affiliate of Evil Corp, is disrupted by an international law enforcement operation called Operation Cronos, led by the UK's National Crime Agency (NCA).
|
| February 2024 | A coordinated international operation successfully took down the LockBit ransomware gang, while the BlackCat/ALPHV gang disappeared. |
| February 24 2024 |
LockBit
A new LockBit website emerged, claiming to list over a dozen victims including the FBI, hospitals, and Fulton County, Georgia. The site threatened to release jury identities and court documents related to Donald Trump if a ransom was not paid by March 2.
|
| February 19 2024 |
LockBit
National Crime Agency, Europol, and international law enforcement agencies conducted Operation Cronos, seizing LockBit's darknet websites. Four individuals were arrested (one in Ukraine, one in Poland, two in the United States), and two Russians were named. Law enforcement seized the group's source code and obtained decryption keys.
|
| January 2024 |
British Library cyberattack
Partial restoration of the computerised catalogue occurred after being offline for months following the cyberattack.
|
| January 2024 |
LockBit
Attacked Fulton County computers, with the county confirming no ransom was paid and no sensitive information was extracted.
|
| January 15 2024 |
British Library cyberattack
The British Library's main catalogue was restored online in a read-only format following the cyberattack, with several services expected to remain unavailable for months.
|
| January 10 2024 |
British Library cyberattack
Library announces partial service restoration beginning 15 January, with Chief Executive Roly Keating apologizing for the two-month disruption to researchers' work.
|
| January 5 2024 |
British Library cyberattack
Financial Times reports the Library will use around 40 percent of its financial reserves to recover from the attack, estimated at £6–7 million.
|
| 2023 | Ransomware payments reached a record high of $1.25 billion. |
| 2023 | The FBI and CISA jointly issued an advisory providing detailed information on Royal ransomware's tactics, techniques, procedures (TTPs), and indicators of compromise (IOCs) to help organizations defend against their attacks. |
| 2023 | Rhysida executed a significant cyberattack on the British Library, encrypting their data and threatening to publicly release it unless a ransom was paid. |
| 2023 | Launched a cyberattack against the Chilean army, demonstrating their capability to target military organizations. |
| 2023 | Rhysida conducted a data dump targeting Insomniac Games, potentially exposing sensitive company information. |
| 2023 |
LockBit
Early 2023 estimates indicate LockBit is responsible for 44% of all global ransomware incidents.
|
| 2023 |
The Ransomware Hunting Team
The audiobook, narrated by BD Wong, won the Audie Award for Nonfiction.
|
| 2023 |
U.S. Ransomware Task Force
The RTF successfully dismantled the Hive, an international ransomware network that had extorted hundreds of millions of dollars from victims in the United States and internationally.
|
|
We are only showing the most recent entries for this topic. |
|
This contents of the box above is based on material from the Wikipedia articles LockBit, British Library cyberattack, Ransomware, U.S. Ransomware Task Force, Royal (cyber gang), Dridex, Health Service Executive ransomware attack, Akira (ransomware), REvil, 2024 cyberattack on Kadokawa and Niconico, BlackCat (cyber gang), The Ransomware Hunting Team & Rhysida (hacker group), which are released under the Creative Commons Attribution-ShareAlike 4.0 International License.