Ransomware attacks increased by 102% in 2025

Posted in Commentary with tags on April 28, 2025 by itnerd

Cybernews’ latest 2025 Q1 overview reveals an alarming surge in ransomware activity. According to the Ransomlooker tool, 2,028 known ransomware attacks occurred in just three months, with a 101.8% increase compared to Q1 2024. The number of active ransomware gangs also spiked, with 65 groups operating in the first quarter.

The findings also show ransomware gangs adopting a more calculated, high-stakes approach with attacks aimed at billion-dollar Fortune 500 corporations.

This report offers key insights into where ransomware is headed and who’s next in the crosshairs. The shift toward targeting billion-dollar corporations highlights the growing risk to industries essential to everyday life and the downstream effects the attacks can have on global supply chains and public services.

Key findings of this research:

  • 2,028 ransomware victims were tracked in Q1 2025 — up from 1,005 in Q1 2024. That’s a 101.8% increase in attacks.
  • LockBit dropped from first place to 21st, with attacks falling from 219 in Q1 2024 to just 23 in Q1 2025.
  • 65 ransomware gangs active in Q1 2025, up from 47 the year before — 14 were new or rebranded.
  • The top 10 victims had a combined annual revenue of $329.8 billion.
  • Estimated potential ransom demands (1%) from those top victims could exceed $3.3 billion.
  • Most targeted sectors are manufacturing and industrial, consumer and retail services, technology and IT, transportation and logistics, and business services.
  • Cl0p, Akira, and RansomHub were the most active ransomware gangs.
  • The US remains the top target with 783 known cases, followed by Canada and the UK.

To read the full research, please click here.

Review: Targus Terra EcoSmart 15-16″ Backpack

Posted in Products with tags on April 28, 2025 by itnerd

Not long ago, I switched from a laptop bag that was literally falling apart to this Targus backpack. There’s nothing wrong with this backpack at all, but thanks to Targus, I now have an upgrade. They sent me the Terra EcoSmart 15-16″ backpack recently which looks like this:

This has a pretty modern and contemporary look to it which I like. And it’s a bit like the TARDIS. It’s bigger on the inside than on the outside. Let me illustrate that:

The very front pocket has a keyring for your keys.

But in my case, I use it for my GearAid Heroclip which is part of my everyday carry.

One cool feature is that it has this flap that makes the zipper difficult to unzip. Handy for places like Downtown Toronto which has a bit of a petty crime problem.

There’s an expandable pouch on each side of the backpack for water bottles.

On the back of the backpack is a zippered compartment that holds a rain cover for the backpack. Handy if you use this backpack to cycle to and from work. Speaking of cycling…

It has a pair of hooks on the front which you can use to do this:

You can hang your helmet on the backpack securely thanks to those hooks. Meaning that it’s one less thing that you have in your hands or inside the backpack.

And there’s a loop at the bottom front of the backpack that allows you to hang a rear light so that you are always safe when cycling.

Pro tip: I always use front and rear lights when cycling. Daytime, night time, it doesn’t matter. You should too as it will help you to stay safe.

One of the straps has a slot for a card like a bus pass or in this case, my CAA card which I am using for demonstrating purposes.

Around back there’s a mesh-like weave to keep your back cool, and a strap that allows you to slide the backpack onto the handle of your luggage.

The middle compartment really has a lot of space. I’ve tossed my business cards, a pen, a paper notebook and a pack of tissues in it. But I can also throw my tech sling in here with ease and have lots of space left over.

The laptop compartment is very well padded and fit my 16″ MacBook Pro with no issues. One thing to note is that the bottom of this compartment is suspended off the ground. Meaning that putting the backpack down will not damage your expensive computer.

Targus gets bonus points for having a zipper for the laptop compartment that locks. Meaning that your laptop is now harder to steal.

Other notes about this backpack include:

  • I sprayed some water onto the fabric and it beads. Meaning that at the very least it is water resistant. Handy if you live in a place where it rains a lot. The zippers also appear to be water resistant as well.
  • 8 plastic bottles were used to make this backpack. Meaning that by buying it, you’re helping the environment.

So is it perfect? Well, the only thing that I would improve is that I would have added a hidden AirTag compartment into it. Thus to put an AirTag in this backpack, I had to improvise by using one of these to hide it in a place where nobody would look for it. Having said that, Targus does make a backpack with FindMy functionality. So if you want some sort of tracking ability in your backpack, that’s an option for you.

The Targus Terra EcoSmart 15-16″ backpack goes for $70 MSRP. And you get a fair amount for your money including some cyclist friendly features. Which is why I will be using this backpack going forward. While I don’t use my bike to commute, everything else about this backpack is top shelf as far as I am concerned.

The Evolution of Phishing Scams: Smarter, More Targeted, and Harder to Stop

Posted in Commentary with tags on April 25, 2025 by itnerd

The research team at SafetyDetectives just finished up a really interesting study, where they explore how phishing scams have transformed over time, especially with the advent of AI technology, highlighting the growing sophistication and challenges these scams pose to digital security.

Key findings at a glance:

  • On average, it takes a user around 60 seconds to fall for a phishing scam and over the past three years, deepfake attacks have increased by 2,137%, rising from 0.1% to 6.5% of all fraud attempts detected.
  • 2023 was the worst year on record for phishing attacks, with nearly five million incidents reported.
  • In the third quarter of 2024, the most popular free email client used in BEC attacks was Google’s Gmail, accounting for 83.1% of all free email accounts set up by scammers.
  • AI-generated phishing emails have an open rate of about 78%, with 21% of recipients clicking on harmful links or attachments within the email. Furthermore, generative AI tools can speed up the process of engineering phishing attacks by at least 40%.

As phishers continue to adapt their tactics, individuals and organizations alike need to stay vigilant and implement robust security measures to protect against these ever-evolving threats. By staying informed and proactive, we can reduce the impact of phishing scams and make our digital lives safer.

You can access the report here: https://www.safetydetectives.com/blog/phishing-metrics-research/

North Korean APT Group Created 3 Front Companies to Spread Malware to Crypto Job Applicants

Posted in Commentary with tags on April 24, 2025 by itnerd

Today, Silent Push disclosed that its threat analysts have uncovered three cryptocurrency companies that are actually fronts for the North Korean APT group Contagious Interview: BlockNovas LLC, Angeloper Agency, and SoftGlide LLC.

Silent Push’s malware analysts confirmed that three malware strains, BeaverTail, InvisibleFerret, and OtterCookie, are being delivered via “interview malware lures” to unsuspecting cryptocurrency job applicants.

The threat actor heavily uses AI-generated images to create profiles of “employees” for the three front crypto companies. As part of the crypto attacks, the threat actors are heavily using GitHub, job listing, and freelancer websites.

This is now live at https://www.silentpush.com/blog/contagious-interview-front-companies/

Millions Of Patients Affected by Data Breach at Yale New Haven Health

Posted in Commentary with tags on April 24, 2025 by itnerd

Yale New Haven Health System (YNHHS), which operates several hospitals in Connecticut, recently disclosed a data breach impacting the personal information of millions of patients:

On March 8, 2025, YNHHS identified unusual activity affecting our IT systems. We immediately took steps to contain the incident and began an investigation with support from external cybersecurity experts, and we also reported the incident to law enforcement. At no point did the incident impact our ability to provide patient care.

Our investigation has now determined that an unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data. The information involved varies by patient, but may include demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number. YNHHS’ electronic medical record system was not involved nor accessed in this incident, and no financial accounts, payment information or employee HR information was included.

We have begun the process of mailing letters to patients whose information was involved in this incident and providing appropriate resources, including offering complimentary credit monitoring and identity protection services to individuals whose Social Security number was involved. Patients are also encouraged to review statements they receive from their healthcare providers and immediately report any inaccuracies to the provider.

Commenting on this news is James McQuiggan, Security Awareness Advocate at KnowBe4:

“With this attack, not having any group come forward is unusual, as these groups thrive on recognition. They post leaks, demand ransoms, or even taunt organizations publicly. So, when silence follows a breach, it could be for a longer-term operation.”

“Data being exfiltrated could be used for a long-term scenario of identity theft, medical fraud, or perhaps resale on private dark markets. The attackers may also want to stay under the radar.”

“If a person’s sensitive data becomes exposed, they should quickly protect their identity and credit. Consider freezing credit to block identity fraud and monitor medical records for suspicious activity.”

“Change passwords for healthcare portals and stay alert for phishing attempts using their details. Don’t wait for official alerts. Just assume their data is exposed and protect their data and accounts adequately.”

“Like so many others, this breach isn’t just about stolen data. It’s about the lost trust between people, and the systems meant to protect their most personal information. Until security is treated as a shared responsibility by leadership, vendors, and every employee in the chain, these incidents and conversations will continue, and victims will keep paying the price.”

It’s only Thursday, but it truly feels like this week is full of ransomware attacks. That’s incredibly bad. And it illustrates that we all need to do better to stop the madness.

A Deep Dive into Behavioral Biometrics Authentication – Are these methods more secure than passwords?

Posted in Commentary with tags on April 24, 2025 by itnerd

Most people are pretty familiar with biometrics at this point. You scan your thumbprint, iris, or face as a way of identifying yourself and accessing a device or application. It’s a simple but effective way to add an extra security factor on top of a password or one-time passcode. But what if we could go a step further and identify someone through their behavior?

This week, Specops Software published an analysis on behavioral biometric authentication methods as well as their security efficacy in comparison to a more traditional method — passwords.

The analysis looks at common types of biometrics, recent innovations to this technology, and the advantages of biometrics for end users and organizations alike. The piece also dives into how hackers might exploit behavioral biometrics, and whether and how these methods are more secure than passwords.

The full report can be read here: https://specopssoft.com/blog/behavioral-biometrics-authentication-passwords/

Interlock claims attack on kidney dialysis company DaVita – 1.5 TB of data stolen

Posted in Commentary with tags on April 24, 2025 by itnerd

Comparitech has reported that the ransomware gang Interlock today claimed responsibility for last week’s cyberattack on kidney dialysis company DaVita, in which 1.5 TB of data was stolen.

In a blog post reporting this news, Rebecca Moody, Head of Data Research at Comparitech, wrote:

“Interlock first began adding victims to its data leak site in October 2024. As with most ransomware gangs today, it seeks a ransom payment for the decryption of systems and the deletion of stolen data.”

“Since October 2024, we’ve tracked 13 confirmed attacks via this group and a further 13 unconfirmed attacks that haven’t been acknowledged by the organizations in question.”

“2025 has already seen 17 confirmed attacks on US healthcare companies, as well as a further 80 unconfirmed.”

“As we are seeing with DaVita, ransomware attacks on healthcare companies have the potential for widespread disruption. Not only can patient care be affected when systems are encrypted, but these attacks often have ongoing consequences when data is stolen by hackers. In 2024 alone, nearly 25.7 million individual records were breached across 160 ransomware attacks on US healthcare providers.”

James McQuiggan, Security Awareness Advocate at KnowBe4 had this comment:

“Sadly, it’s another ransomware case, another data leak. The mechanics haven’t changed much: initial access, privilege escalation, exfiltration, extortion. Rinse. Lather. Repeat. What’s still missing in many organizations is the alignment across people, processes, and technology. Cybercriminals rely on simple vectors like phishing or weak external access with unpatched systems or credential stuffing.”

“Cybercriminals will steal data before encrypting it, so preventative measures must include outbound traffic monitoring and to consider controls to limit data movement. Good backups help recovery but don’t neutralize extortion. Organizations need plans for data leaks, not just complete data loss. Cybersecurity teams need tested response plans for encryption and extortion; if not, you’re unprepared for an attack. Coordinate with legal, comms, IT, and incident response teams before it’s public.”

“Technology alone can’t solve the human risk aspect. Reduce risk by building a strong security culture where security habits are reinforced, measured, and modeled from the top. Ensure cybersecurity teams coordinate across executives, IT, compliance, legal, and communications to reduce the opportunity for a cybercriminal to have the upper hand.”

I am truly afraid that ransomware attacks are out of control at this point. This is scary as nobody is safe. This is not a good place to be in. Something needs to change on this front and fast.

PII and Patient Info Exposed in Health Data Breach

Posted in Commentary with tags on April 24, 2025 by itnerd

A data breach involving Atrium Health, a North Carolina-based network of hospitals, clinics, and specialty centers across the Southeast was discovered and reported to Website Planet by cybersecurity researcher Jeremiah Fowler.

What happened:

A non-password-protected database containing 21,344 records with a total size of 6.99 GB was publicly exposed. The leak contains patient PII, insurance coverage details, emergency contacts, names of medical staff, patient medical history and more.

Why it matters:

Exposing this kind of detailed medical records could potentially lead to identity theft, insurance fraud, or social engineering campaigns to obtain additional personal or financial information. Unauthorized access to a patient’s medical history could provide cybercriminals with enough information to attempt a wide range of fraudulent activities.

Read the report here: https://www.websiteplanet.com/news/atriumhealth-report-breach/

iOS app meant for privacy exposes private texts and more

Posted in Commentary with tags on April 24, 2025 by itnerd

The Cybernews research team has uncovered a severe data leak affecting a popular iOS app, Second Phone Number, which has been downloaded nearly 4 million times – over 3 million in the US alone. Marketed as a solution for “private calls and texts,” the app has instead exposed exactly what it promises to protect.

In our latest investigation, we found that a misconfigured Firebase instance has been leaking user messages, media as well as sender and recipient details.

This leak opens the door to identity theft, blackmail, and fraud. Some users employed the app for business or dating. Others sought anonymity for deeply personal reasons. In either case, their data is now vulnerable to cybercriminals who can scrape Firebase in real-time for new data.

Here’s why this story matters:

  • It’s a systemic problem. This discovery is part of the large-scale research of 156,000 iOS apps. We found that 71% leak at least one sensitive secret.
  • Users trust the App Store. Apple’s ecosystem is perceived as safe. This story challenges that perception.
  • The implications are serious. Leaked messages could be used to impersonate, harass, or blackmail users. Developers could lose access to paid services due to leaked API keys.

Despite multiple outreach attempts, the app’s creators have not secured the database. This is an ongoing and active leak – users are still at risk.

Please find the full report here

EDR Killers: What They Are, Why They Matter, and How Organizations Can Stay Protected

Posted in Commentary with tags on April 24, 2025 by itnerd

ESET is warning organizations to stay alert as “EDR killers” – tools designed to disable Endpoint Detection and Response (EDR) solutions – grow more accessible and more widely used by ransomware affiliates. While not a new threat, these tools are becoming easier to deploy, making them relevant for enterprises and mid-sized organizations alike.

An EDR killer works by disabling or impairing EDR agents on compromised machines, blinding defenders and paving the way for attackers to move stealthily and deliver malicious payloads. These tools are typically deployed after initial access has already been achieved, a process that itself should set off multiple alarms in a well-defended environment.

Once used only by highly skilled threat actors, EDR killers are now distributed by ransomware-as-a-service (RaaS) operators like RansomHub, lowering the technical bar for attackers. Variants range from basic script-based tools to more advanced versions that exploit vulnerable drivers or repurpose legitimate software, like rootkit removal tools, to disable security systems.

Despite these developments, ESET stresses that EDR killers aren’t cause for panic, but they are a reminder of the importance of strong, layered security. Organizations with solid defences, good detection practices, and well-trained staff remain in a strong position to detect and disrupt these tools before they cause severe damage.

ESET recommends the following best practices to reduce exposure:

  • Use a hardened, updated EDR solution: Leading tools already detect many known EDR killer behaviours.
  • Restrict user permissions: Prevent users without admin rights from modifying or disabling security controls.
  • Monitor for suspicious downloads and file transfers: Watch for scripts, drivers, or tools commonly used in these attacks.
  • Block Potentially Unsafe Applications (PUSA): Review app control policies to minimize exposure to misused software.
  • Invest in staff training: Phishing awareness and safe file handling are still your first line of defence.
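The “monitor for suspicious downloads and file transfers” and “vulnerable drivers” points above can be turned into a concrete detection. The following is an added example, not ESET’s code or anything from the post: a small Python scanner that reads simplified, constructed log lines modelled on two real Windows sources (System log Event ID 7045, “A service was installed in the system”, and Sysmon Event ID 6, “Driver loaded”) and flags kernel-mode driver installs from user-writable directories, driver loads whose hash matches a blocklist, and unsigned driver loads. The key=value line format, the sample paths, the hash values and the blocklist are all placeholders invented for the example; in practice the blocklist would be populated from a vetted vulnerable-driver list and the parser pointed at your real event source.

```python
import re

# Placeholder blocklist of driver SHA-256 hashes (made up for this example);
# in production populate it from a vetted vulnerable-driver list.
BLOCKED_DRIVER_SHA256 = {
    "0000000000000000000000000000000000000000000000000000000000000001",
}

# Directories a legitimate kernel driver is almost never installed from
# (lower-cased prefixes; ProgramData is commonly user-writable in part).
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\temp\\",
    "c:\\windows\\temp\\",
    "c:\\programdata\\",
)

# key=value pairs; values may be double-quoted when they contain spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one constructed key=value log line into a dict of fields."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def is_user_writable(path):
    """True if the image path starts with a user-writable directory."""
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def classify(event):
    """Return the list of reasons this event looks like EDR-killer tradecraft."""
    reasons = []
    event_id = event.get("EventID")
    if event_id == "7045":
        # Service install: only kernel-mode drivers matter here; the
        # ServiceType strings are the ones Windows writes into 7045.
        if event.get("ServiceType", "").lower() == "kernel mode driver":
            if is_user_writable(event.get("ImagePath", "")):
                reasons.append("kernel driver installed from user-writable path")
    elif event_id == "6":
        # Driver load (Sysmon): check hash against the blocklist first,
        # then signing status, then the load location.
        if event.get("SHA256", "").lower() in BLOCKED_DRIVER_SHA256:
            reasons.append("driver hash on vulnerable-driver blocklist")
        if event.get("Signed", "").lower() != "true":
            reasons.append("unsigned driver loaded")
        elif is_user_writable(event.get("ImageLoaded", "")):
            reasons.append("driver loaded from user-writable path")
    return reasons


def scan(lines):
    """Run classify() over each line and collect the events worth alerting on."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        reasons = classify(event)
        if reasons:
            alerts.append({
                "timestamp": event.get("Timestamp"),
                "event_id": event.get("EventID"),
                "image": event.get("ImagePath") or event.get("ImageLoaded"),
                "reasons": reasons,
            })
    return alerts


# Constructed sample log: two benign events, one benign user-mode service
# install, then a driver dropped to a user-writable folder and loaded.
SAMPLE_LOG = [
    r'Timestamp=2025-04-24T10:01:02Z EventID=7045 ServiceName=benigndrv ServiceType="kernel mode driver" ImagePath="C:\Windows\System32\drivers\benigndrv.sys"',
    r'Timestamp=2025-04-24T10:05:11Z EventID=7045 ServiceName=updatesvc ServiceType="user mode service" ImagePath="C:\Program Files\Vendor\updatesvc.exe"',
    r'Timestamp=2025-04-24T10:07:40Z EventID=7045 ServiceName=tmpdrv ServiceType="kernel mode driver" ImagePath="C:\Users\Public\tmpdrv.sys"',
    r'Timestamp=2025-04-24T10:07:41Z EventID=6 ImageLoaded="C:\Users\Public\tmpdrv.sys" Signed=true SHA256=0000000000000000000000000000000000000000000000000000000000000001',
    r'Timestamp=2025-04-24T10:09:00Z EventID=6 ImageLoaded="C:\Windows\System32\drivers\benigndrv.sys" Signed=true SHA256=abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert["timestamp"], alert["event_id"], alert["image"], "->", "; ".join(alert["reasons"]))
```

Run against the constructed sample, the scanner raises two alerts: the kernel-driver service install from C:\Users\Public, and the subsequent load of that driver, which trips both the blocklist and the path check. The benign system-directory driver and the user-mode service produce nothing, which is the point of keying on driver type and load location rather than on service installs in general.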

The rise of EDR killers reflects an evolving cybercrime landscape, where increasingly advanced tools are being commercialized and shared. As attackers adapt their tactics, defenders must do the same. A resilient, multi-layered approach, backed by regular reviews and user education, remains the best strategy for staying ahead.

ESET continues to track the development of EDR killer tools and their use in real-world attacks. For further insights and technical analysis, visit ESET’s threat research blog, WeLiveSecurity.