Black Kite Releases 2025 Ransomware Report, Revealing 123% Increase in Ransomware Attacks Over Two Years

Posted in Commentary on May 13, 2025 by itnerd

Black Kite today announced its newest report, 2025 Ransomware Report: How Ransomware Wars Threaten Third-Party Cyber Ecosystems, which provides a deep analysis into evolving ransomware trends and threats. The report found that threats have escalated with more actors, less predictability, and deeper entanglement in supply chains, underscoring an urgent need for organizations to implement intelligence-driven defenses and proactive vendor monitoring.

Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. As uncovered by Black Kite’s Research & Intelligence Team (BRITE), the number of publicly disclosed victims saw a 25% increase from the previous year. This follows a steep rise in the previous period with an 81% surge, amounting to a 123% increase over two years. The year also saw a noticeable uptick in attacks against small and mid-sized businesses (SMBs) due to their less robust cybersecurity defenses and lower risks of retaliation, and a rise in supply chain warfare with attackers focused on third-party vendors where just one compromised provider can disrupt dozens to hundreds of downstream organizations. These incidents, often called silent breaches, can go unnoticed until their ripple effects halt operations across industries.

Leveraging data and machine learning, Black Kite’s Ransomware Susceptibility Index® (RSI™) proved to be a critical signal. A numerical score between 0.0 and 1.0, with a higher score representing greater susceptibility to a ransomware attack, RSI goes beyond cyber risk metrics and provides a composite score that incorporates technical indicators and intrinsic risk factors. In fact, for those with RSI above 0.8, nearly half (46%) were attacked, and most organizations showed rising RSI trends well before a breach.

The report’s key findings include:

  • Publicly disclosed ransomware victims climbed to 6,046, a 24% increase year over year, and more than doubled since 2023
  • 52 entirely new groups emerged in the last year, resulting in 96 active ransomware groups
  • Under-resourced, understaffed, and underprepared, SMBs ($4M-$8M) were the most frequently targeted
  • Ransomware was responsible for 67% of known third-party breaches
  • 46% of organizations with RSI greater than 0.8 experienced ransomware attacks
  • With smaller, less sophisticated operators that often lack the infrastructure to run complex extortion operations, ransom payment values declined by 35%, but the overall impact has widened

Ransomware is no longer dominated by large syndicates. Today’s organizations must contend with smaller groups that have less experience but the same intent – disrupt, extort, and repeat. While the tactics lack the sophistication of their predecessors and the targets are smaller, the volume and unpredictability of this new era of ransomware present a new set of challenges. Organizations must also defend against AI-driven ransomware that enables attackers to bypass existing security systems and could evade detection, for example by analyzing EDR logs or monitoring incident response communications to adjust ransom demands.

Access the full report here.

Methodology

The findings in this report are the result of a comprehensive year-long investigation conducted by the Black Kite Research & Intelligence Team (BRITE), covering the period between April 1, 2024 and March 31, 2025. The methodology combines continuous monitoring of ransomware operations with detailed victim analysis and dark web intelligence gathering:

  • BRITE monitored activity from over 150 ransomware groups, tracking their leak sites, extortion posts, and public disclosures. A group was considered “active” if it published at least one victim within the last 12 months. By March 2025, 96 groups met this threshold.
  • A total of 6,046 victims were identified through leak site monitoring, cross-validated with open-source intelligence and internal telemetry. For each victim, BRITE analysts determined industry classification using NAICS codes, headquarters location by country, and estimated company size based on publicly available financials or trusted databases. BRITE also leveraged the Black Kite platform to assess each victim’s cybersecurity posture before and after the incident, helping to identify patterns in susceptibility and exposure.
  • To complement leak site tracking, BRITE actively monitored ransomware blogs, Telegram channels, and dark web forums to identify group narratives, affiliate activity, and coordination patterns. This enabled the team to detect new groups quickly and contextualize victim disclosures beyond surface-level postings.

University of Michigan Pwned Via Threat Actors Swapping A Classroom Engagement Tool For Malware

Posted in Commentary on May 12, 2025 by itnerd

University of Michigan has reported attackers compromised the download portal for iClicker, a classroom engagement tool, replacing the Mac app with malware that used a fake CAPTCHA to lure users into manually launching the payload. The malware granted attackers persistent access, bypassed Apple security controls, and primarily targeted students — raising concerns about supply chain attacks in education.

Debbie Gordon, CEO and Founder, Cloud Range had this to say:

“This incident shows how easily attackers can turn a simple user interaction — like clicking a CAPTCHA — into a full compromise. The real question is: how quickly can your team detect and contain it? That’s the essence of incident response readiness. Simulation-based training gives defenders the muscle memory they need to spot behavioral red flags, investigate effectively, and coordinate containment actions in real time — before small lapses become major breaches.”

I have to admit this attack is pretty scary. Hopefully the university does a deep dive to figure out how this happened because this clearly is a skilled threat actor who came into this with a plan of attack. That means these threat actors should be considered dangerous.

Penske’s Catalyst AI Powers Innovative New Era of Fleet Intelligence 

Posted in Commentary on May 12, 2025 by itnerd

Today, Penske Truck Leasing introduced the new generation of fleet intelligence with the latest release of Catalyst AI™, its proprietary artificial intelligence engine and industry leading AI platform that redefined fleet management. Built specifically for commercial transportation, Catalyst AI applies machine learning in advanced methods—turning one of the industry’s richest vehicle data sets into faster, more strategic decision-making across operations. 

Catalyst AI was built to meet a fundamental need in modern operations: how to take the right action, at the right time, from the right data. The update introduces four core enhancements designed to make that possible: 

  • Fantasy Fleet – Offers a new comparison set made up of top-performing vehicles most similar to each vehicle in the user’s fleet—helping them find gaps and elevate performance. 
  • Vehicle-level Comparison – Enables users to compare individual vehicles to pinpoint performance differences, helping identify where targeted adjustments can drive better results. 
  • Hub-level Comparison – Allows users to assess operations by location and uncover opportunities for improved efficiency at the local level. 
  • Impacting Metrics – Gives users the ability to focus on specific metrics that matter most to their business—fuel efficiency, maintenance costs, utilization, and more. 

Catalyst AI continues to evolve in step with the complexities of modern fleet operations, delivering faster insights, clearer benchmarks, and intelligence designed to keep businesses ahead. Developed by Penske, the platform reflects what today’s fleet professionals need: trusted insights that drive action. 

That demand is reflected in Penske’s 2025 Transportation Leaders Survey: A Road to AI Adoption, which found that 93% of senior business decision makers in the transportation and logistics industry agree that AI will improve their organization’s resiliency and ability to adapt to sudden shifts. More than half (54%) said the ability to compare their fleet’s performance to others in the same market would improve both efficiency and operational decision-making. As they specifically plan for today’s continued economic uncertainty, fleet leaders cited their most critical data needs as: visibility into maintenance costs (44%), fuel price trends (41%), and fleet utilization (36%). 

Organizations that have embraced AI are already reaping the benefits with 40% of respondents using AI tools saying they’ve seen improvements of at least 50% in fuel usage, cost reduction, or distance traveled through smarter routing and optimization. However, 84% of transportation leaders think the industry is lagging behind in AI adoption and 36% only feel somewhat prepared to respond to ongoing supply chain disruptions and economic volatility. This signals a growing urgency for tools that not only provide data but translate it into tangible actions that drive outcomes, such as lowering operating costs and increasing efficiency.  

Since Catalyst AI launched in 2024, the platform has grown to support thousands of users, helping fleet professionals move from lagging metrics to leading decisions. The platform is now a foundational part of how teams across Penske’s network report, benchmark, and plan—across vehicles, locations, and systems. 

Catalyst AI is embedded within Comparative Insights, a feature inside the Fleet Insight® digital platform. Comparative Insights, powered by Catalyst AI, at the fleet level remains available at no cost to Penske customers. The new Comparative Insights Premium Plan unlocks access to vehicle- and hub-level comparisons and the Fantasy Fleet feature, with a 30-day free trial available before subscription. To learn more, visit penskecatalyst.ai

Security firm for NFL, NBA, NHL, MLB, and NASCAR notifies 100K people of data breach

Posted in Commentary on May 12, 2025 by itnerd

Andy Frain Services, a security firm servicing major clients such as NFL, NBA, NASCAR, and more, over the weekend confirmed it notified 100,964 people of an October 2024 data breach that compromised their personal information.

Ransomware gang Black Basta claimed responsibility for the breach in November 2024, saying it stole 750 GB of data from the private security firm. Andy Frain has not yet confirmed Black Basta’s potential involvement. 

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 had this to say:

“I’m not sure why it took nearly 7 months for Andy Frain Services to notify the impacted people. That’s 7 months hackers could have been using the learned information to abuse potential victims. If I do business with Andy Frain Services, I would like to know how the breach happened, if they know. Was it social engineering, unpatched software or firmware, or some other cause. Because if they don’t know how it happened it’s much tougher to put in place the right mitigations to make sure it’s less likely to happen again.”

And in a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:

“Black Basta, not to be confused with Blackcat or BlackSuit, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients pay Black Basta to use its ransomware and infrastructure to launch attacks and collect ransoms. Black Basta often extorts victims both for a key to restore infected systems and for not selling or publicly releasing stolen data. Black Basta has claimed 166 confirmed ransomware attacks since it began, compromising more than 11.7 million records. Its average ransom demand is about $2.9 million.”

“In 2025 to date, Black Basta has claimed five victims, all of which it claimed in January. None of those attacks have been confirmed yet. In 2024, Comparitech researchers logged 793 confirmed ransomware attacks on US organizations, compromising more than 268 million records. 64 of those attacks hit service-based businesses like Andy Frain and compromised 1.6 million records.”

“The average ransom across all industries is just north of $2.3 million, and $787,000 for service-based businesses. In 2025 so far, we’ve recorded 112 confirmed ransomware attacks in total, five of which hit service-based businesses. Ransomware gangs made another 1,365 attack claims this year that haven’t been acknowledged by the targeted organizations.”

Andy Frain has some explaining to do. Or at least it should have some explaining to do. Seven months to disclose this isn’t cool. However I don’t think that will happen given the sort of environment that we’re in at the moment where nobody seems to be held to account for anything. Which is not good.

Today Is Anti-Ransomware Day

Posted in Commentary on May 12, 2025 by itnerd

Today, May 12th, marks Anti-Ransomware Day and commemorates the 2017 global WannaCry attack which majorly disrupted the UK’s NHS. That was a huge event at the time. And sadly things have only gotten worse since then.

Rebecca Moody, Head of Data Research at Comparitech had this to say: 

“In 2017, ransomware, to many people, was still a huge unknown. Fast-forward to today, and it’s a word within a lot of people’s vocabulary–even if they don’t understand the technical jargon surrounding it. This is because of large-scale attacks like WannaCry and the current attack on Marks and Spencer, bringing these types of attacks to the forefront.”

“Sadly, however, while awareness around these types of attacks has grown, so too has the number of attacks. Since 2018, we’ve seen yearly increases in the number of ransomware attacks (except for a dip in 2022), and the amount of data involved in these attacks has also risen exponentially. Hackers have become increasingly focused on double-extortion tactics whereby systems are encrypted (for one ransom payment) and data is also stolen (for another ransom payment).”

“Since 2018, we’ve tracked 281 confirmed ransomware attacks in the UK alone (confirmed attacks are those acknowledged by the entity involved). These attacks have led to the breach of over 3.3 million records and have seen average ransom demands of nearly USD $8.6 million (GBP £6.5 million).”

“40 of these attacks and nearly 1.2 million records are from 2024. And we’ve already seen 12 attacks this year so far. While no breaches have been reported for the attacks this year, we’ll likely see significant numbers involved in the attacks on M&S and Co-op.”

“While the threat landscape surrounding ransomware attacks has changed, the basics for thwarting these attacks remain the same. Make sure systems are up to date, patch vulnerabilities as soon as you become aware of them, carry out regular system back-ups, have detailed plans in place if the worst should happen, and, perhaps most crucially, carry out regular staff training. As we’ve seen with Harrods, Co-op, and M&S, social engineering tactics were used to carry out these attacks, whereby employees were tricked into changing their passwords.”

The world isn’t a safe place right now based on the fact that I went from occasionally reporting on ransomware attacks to reporting on them daily. Thus let’s use today as a catalyst to make whatever changes are required to make the world a whole lot safer when it comes to ransomware.

Tanya Steele and Samara Halterman of Myriad360 Spotlighted on the 2025 Women of the Channel Power 80 Solution Provider List

Posted in Commentary on May 12, 2025 by itnerd

Myriad360 proudly announced today that CRN®, a brand of The Channel Company, has recognized Tanya Steele, Chief Experience Officer, and Samara Halterman, Chief Marketing Officer, on the 2025 Women of the Channel Power 80 Solution Provider list. This prestigious honor highlights an elite subset of influential solution provider leaders chosen from the CRN® 2025 Women of the Channel list.

This annual CRN list celebrates women from vendors, distributors, solution providers and other channel-focused organizations who make a positive difference in the IT ecosystem. The CRN 2025 Women of the Channel honorees are innovative and strategic leaders committed to supporting the success of their partners and clients.

The annual Power 80 Solution Provider list honors the most influential women in leadership at some of the country’s most prominent IT integrators, managed service providers, value-added resellers and consultants for their channel advocacy and dedication to helping their clients and technology partners thrive.

This year CRN recognized Tanya Steele, Chief Experience Officer, and Samara Halterman, Chief Marketing Officer, of Myriad360.

Tanya has demonstrated exceptional leadership in advancing the company’s channel business through strategic innovation and operational excellence. As a seasoned executive leading the Client Experience Organization, she oversees delivery engineers, pre-sales engineers, project management, account management, sales operations, and service operations teams, driving remarkable results including an 80% improvement in services utilization over the past year.

Under Tanya’s leadership, Myriad360 achieved an impressive Net Promoter Score of 89 while establishing a dedicated Service Operations department that helped to reduce order error rates by over 60%. Her client-first approach has transformed the company’s speed-to-quote capabilities and pricing strategies, creating scalable processes that support growing channel demands. Tanya’s commitment to delivering exceptional client outcomes while fostering team collaboration positions Myriad360 as a trusted partner providing comprehensive 360-degree technology solutions.

Samara Halterman, Chief Marketing Officer at Myriad360, has been recognized for her transformative impact on the company’s channel strategy. A six-time CRN Women of the Channel honoree (2018-2023), Samara has leveraged her extensive experience across global solution providers to architect innovative co-marketing frameworks that empower partners, expand pipeline opportunities, and enhance revenue growth. Her leadership has revolutionized Myriad360’s partner engagement framework while implementing comprehensive enablement programs that accelerate market readiness.

Drawing from her impressive track record, including delivering double digit ROI at A10 Networks and leading a world class global team across 15 countries at Pure Storage, Samara combines strategic vision with tactical execution to drive measurable business outcomes. Her human-centered approach balances client-first obsession with pragmatic innovation, while her dedication to mentoring emerging female leaders strengthens both Myriad360’s culture and the broader channel ecosystem. Under her guidance, Myriad360 is focused on deepening relationships with strategic partners, developing joint solutions, and expanding national presence to better serve enterprise clients across new territories.

The 2025 Women of the Channel will be featured in the June issue of CRN Magazine, with online coverage beginning May 12 at www.CRN.com/WOTC.

KnowBe4 Predicts Agentic AI Ransomware Is Imminent on International Anti-Ransomware Day

Posted in Commentary on May 12, 2025 by itnerd

KnowBe4 today, on International Anti-Ransomware Day, announced a prediction that agentic AI ransomware will become a new threat in the near future.

Ransomware demands and payments escalated in 2024, with average payments reaching $2.73 million. International Anti-Ransomware Day serves as a platform to raise awareness globally about the dangers of ransomware and the best practices for mitigating it. 

AI agentic ransomware is a collection of AI bots that perform all the steps necessary to conduct a successful ransomware attack, only faster and better. The AI-enabled agentic ransomware will gain initial access, analyze the environment, determine how to maximize malicious hacker profits, and implement the attacks. And it will not be just one attack, but a series of escalating attacks to maximize a malicious hacker’s profit.

KnowBe4 has multiple resources, including tips to help organizations fight against ransomware and a Ransomware Hostage Rescue Manual.

Fortra Acquires Lookout Cloud Security

Posted in Commentary on May 12, 2025 by itnerd

Fortra today announced the acquisition of Lookout’s Cloud Security business featuring their Security Service Edge (SSE) solution. Based in Boston, Massachusetts, Lookout’s Cloud Security solution features Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG) among other critical security solutions. In addition, with this acquisition, Fortra now offers a complete Data Security Posture Management (DSPM) solution.

In March 2024, Fortra and Lookout announced a strategic integration partnership to provide customers with comprehensive security coverage through Fortra’s Digital Guardian DLP. Now Fortra customers will have comprehensive DSPM capabilities leveraging the power of Fortra’s existing solutions for data discovery, classification and data loss prevention (DLP) enhanced by Lookout’s strength in cloud security. 

As organizations face increased threats from cyber-attacks, and look to comply with regulatory and privacy requirements, Lookout’s SSE capabilities help organizations safeguard their people, devices, applications and data wherever it lives across hybrid environments.   

Analysis of popular AI tools: 84% breached, 51% facing credential theft

Posted in Commentary on May 12, 2025 by itnerd

About 75% of workers use AI in the workplace, with AI chatbots being the most common tools to complete work-related tasks. While this boosts productivity, it could expose companies to credential theft, data leaks, and infrastructure vulnerabilities, especially since only 14% of workplaces have official AI policies, contributing to untracked AI use by employees.

According to the Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Cybernews researchers analyzed 52 of the most popular AI web tools in February 2025, ranked by total monthly website visits based on Semrush traffic data.

Key analysis findings: 

  • Researchers’ analysis shows that 33% of the analyzed AI platforms earned an A rating, while 41% received a D (high risk) or even an F (critical risk).
  • Of the 52 AI tools analyzed, 84% had experienced at least one data breach.
  • 36% of analyzed tools experienced a breach in just the past 30 days. 
  • 93% of platforms showed issues with SSL/TLS configurations, which are critical for encrypting communication between users and tools. 
  • System hosting vulnerabilities were another widespread concern, with 91% of platforms exhibiting flaws in their infrastructure management. 
  • 44% of companies developing AI tools showed signs of employee password reuse.
  • 51% of analyzed tools have had corporate credentials stolen. 

To read the full research and methodology, please click here.

3+ Million Student-Athletes & College Coaches’ Records Exposed 

Posted in Commentary on May 12, 2025 by itnerd

VPNMentor just published cybersecurity researcher Jeremiah Fowler’s latest findings, revealing an unprotected database linked to a platform that helps high school athletes secure college sports scholarships.

The database contained 3,154,239 records, totaling 135 GB, with personally identifiable information (PII), including names, emails, phone numbers, home addresses, and even passport image links for student-athletes.

The scale and sensitivity of the information raise serious risks of identity theft, financial fraud, and impersonation.

You can find the full report here: https://www.vpnmentor.com/news/report-prephero-breach/