Ransomware

Malicious software used in ransom demands


May 2025
A whistleblower using the alias GangExposed began publicly naming members of the Conti ransomware gang on Telegram, revealing key participants including Vitaly Nikolaevich Kovalev (leader), Vladimir Viktorovich Kvitko, Andrey Yuryevich Zhuykov, and Mikhail Mikhailovich Tsaryov.
May 2025
LockBit
LockBit's infrastructure was breached and completely defaced, resulting in a comprehensive data dump that exposed sensitive information including Bitcoin wallet addresses, private encryption keys, internal chat logs, and affiliate details.
April 2025
Akira
Yohanes developed a public decryptor for Akira ransomware that uses multiple GPUs to brute-force private keys. The tool is available only for the Linux variant of Akira ransomware and is published on GitHub with a usage guide.
2025
LockBit
Israeli developer Rostislav Panev was extradited to the United States for participating in the development of LockBit ransomware, three months after being charged with cybercrime.
March 2025
LockBit
Cybersecurity researchers reported that a ransomware group called Mora_001 used a variant of LockBit 3.0 to create a new ransomware strain called SuperBlack, suggesting possible operational links between the groups.
2024
LockBit
The FBI's Internet Crime Report identified LockBit as the most reported ransomware targeting U.S. critical infrastructure. Cisco Talos ranked LockBit as the top ransomware group, responsible for 16 percent of attacks.
2024
British Library cyberattack
Around 20,000 writers, illustrators, and translators experienced delays in their Public Lending Right payments due to the cyberattack.
2024
Ransomware payments sharply dropped to $813 million, attributed to victim non-payment and law enforcement actions.
December 2024
LockBit
LockBit announced version 4.0 of its ransomware, scheduled for release in February 2025, and expanded its dark web infrastructure while sharing samples with researchers.
December 2024
Targeted the Pembina Trails School Division with a cyber incident.
November 2024
Targeted Rutherford County Schools in Tennessee with a cyberattack, likely involving data breach or ransomware.
August 2024
Conducted a cyberattack on Seattle-Tacoma International Airport, compromising its digital systems.
August 5 2024
2024 cyberattack on Kadokawa and Niconico
Niconico and Kadokawa's official website services were restored and went back online.
July 2024
Attacked the City of Columbus, Ohio, releasing over 3 TB of data on the dark web after attempting to extort $1.7M (30 Bitcoin) from the city.
July 30 2024
British Library cyberattack
Library announces plans to restore remote ordering of physical media by September 2024, incrementally re-release digital manuscripts, and restore educational websites and digital academic journals before the 2024–25 academic year.
July 10 2024
2024 cyberattack on Kadokawa and Niconico
Kadokawa released a public statement warning that legal action would be taken against anyone disseminating leaked information from the data breach.
June 2024
LockBit
LockBit claimed responsibility for a major breach of Evolve Bank & Trust, threatening to leak data from the bank and its financial technology partners, including Stripe, Mercury, Affirm, and Airwallex.
June 2024
LockBit
Attacked the University Hospital Center in Zagreb, Croatia, causing significant disruption and claiming to have exfiltrated medical records and employee information. The Croatian government refused their demands.
June 27 2024
2024 cyberattack on Kadokawa and Niconico
Russian-linked hacker group 'BlackSuit' claimed responsibility for the attack on the dark web, threatening to publish 1.5 terabytes of stolen business partner and user data unless a ransom was paid by July 1.
June 14 2024
2024 cyberattack on Kadokawa and Niconico
Kadokawa confirmed the outage was caused by a ransomware cyberattack. Attackers were observed restarting servers to spread malware, prompting Kadokawa to physically disconnect server power and communication cables. Niconico simultaneously set up a temporary website detailing the situation.
June 9 2024
2024 cyberattack on Kadokawa and Niconico
Kadokawa reported the cyberattack incident to the police, expert specialists, and the Kanto Local Finance Bureau.
June 8 2024
2024 cyberattack on Kadokawa and Niconico
Connection problems reported with Kadokawa Group services including Niconico starting around 3:30 JST. Dwango stopped all Niconico services around 6:00 JST and initiated maintenance.
June 8 2024
2024 cyberattack on Kadokawa and Niconico
On the morning of this date, a ransomware cyberattack by the Russian-linked hacker group BlackSuit targeted Kadokawa's website and the Japanese video-sharing platform Niconico.
June 5 2024
2024 cyberattack on Kadokawa and Niconico
Wired published an analysis stating that ransomware attacks are 'accelerating in 2024', contextualizing the Kadokawa-Niconico cyberattack within a broader trend of increasing cyber threats.
June 3 2024
2024 cyberattack on Kadokawa and Niconico
Kadokawa Taiwan reported a significant cyberattack resulting in the leak of personal and corporate information, highlighting vulnerabilities in the organization's cybersecurity infrastructure.
June 2 2024
2024 cyberattack on Kadokawa and Niconico
Japanese Prime Minister Fumio Kishida ordered his minister to develop a bill aimed at enhancing Japan's 'active cyber defense', one day before the Kadokawa Taiwan cyberattack.
May 2024
BlackCat (ALPHV) cyber gang conducted a ransomware attack on the servers and endpoint devices of Hong Kong's Consumer Council, as reported by The Standard (Hong Kong).
May 2024
Health Service Executive ransomware attack
473 legal actions were reported against the Health Service Executive (HSE) in relation to the ransomware attack, with the State Claims Agency managing 12 personal injury cases primarily focused on the psychological impact of the cyber incident.
May 23 2024
LockBit
Attacked London Drugs, forcing closure of all Canadian locations, and demanded $25 million ransom. After the company refused, LockBit leaked data and the company offered identity theft protection to affected employees.
May 21 2024
LockBit
LockBit claimed responsibility for a cyberattack on London Drugs, demanding $25 million ransom. The attack had previously caused nationwide store closures from April 28 to May 7.
May 7 2024
LockBit
Charges and sanctions were announced against Dmitry Khoroshev, alleged administrator and developer of LockBit.
May 1 2024
REvil
Yaroslav Vasinskyi was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution after pleading guilty to cybercrime and money laundering charges.
April 2024
Akira
By April 2024, Akira ransomware was estimated to have earned approximately $42 million from its ransomware-as-a-service operations since its inception.
March 2024
A representative for BlackCat announced the group was shutting down in the aftermath of the Change Healthcare ransomware attack.
March 8 2024
British Library cyberattack
Roly Keating publishes a blog post announcing a comprehensive report about the cyberattack and introducing a 'Rebuild & Renew' scheme to improve future incident response, including a shift towards cloud technologies.
February 2024
LockBit
Law enforcement closed down the LockBit server, revealing a new version called LockBit-NG-Dev (likely LockBit 4.0) was under advanced development, as reported by Trend Micro.
February 2024
Dridex
LockBit, an affiliate of Evil Corp, is disrupted by an international law enforcement operation called Operation Cronos, led by the UK's National Crime Agency (NCA).
February 2024
A coordinated international operation successfully took down the LockBit ransomware gang, while the BlackCat/ALPHV gang disappeared.
February 24 2024
LockBit
A new LockBit website emerged, claiming to list over a dozen victims including the FBI, hospitals, and Fulton County, Georgia. The site threatened to release jury identities and court documents related to Donald Trump if a ransom was not paid by March 2.
February 19 2024
LockBit
National Crime Agency, Europol, and international law enforcement agencies conducted Operation Cronos, seizing LockBit's darknet websites. Four individuals were arrested (one in Ukraine, one in Poland, two in the United States), and two Russians were named. Law enforcement seized the group's source code and obtained decryption keys.
January 2024
British Library cyberattack
Partial restoration of the computerised catalogue occurred after being offline for months following the cyberattack.
January 2024
LockBit
Attacked Fulton County computers, with the county confirming no ransom was paid and no sensitive information was extracted.
January 15 2024
British Library cyberattack
The British Library's main catalogue was restored online in a read-only format following the cyberattack, with several services expected to remain unavailable for months.
January 10 2024
British Library cyberattack
Library announces partial service restoration beginning 15 January, with Chief Executive Roly Keating apologizing for the two-month disruption to researchers' work.
January 5 2024
British Library cyberattack
Financial Times reports the Library will use around 40 percent of its financial reserves to recover from the attack, estimated at £6–7 million.
2023
Akira
Claimed responsibility for ransomware attack on Toronto Zoo, though the zoo did not confirm direct attribution.


The contents of the box above are based on material from the Wikipedia articles Conti (ransomware), 2024 cyberattack on Kadokawa and Niconico, LockBit, BlackCat (cyber gang), Dridex, Health Service Executive ransomware attack, Akira (ransomware), Ransomware, REvil, Rhysida (hacker group) & British Library cyberattack, which are released under the Creative Commons Attribution-ShareAlike 4.0 International License.
