惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog
C
Check Point Blog
The GitHub Blog
The GitHub Blog
Y
Y Combinator Blog
SecWiki News
SecWiki News
有赞技术团队
有赞技术团队
Latest news
Latest news
D
DataBreaches.Net
Blog — PlanetScale
Blog — PlanetScale
Project Zero
Project Zero
H
Help Net Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
G
GRAHAM CLULEY
Engineering at Meta
Engineering at Meta
T
Threat Research - Cisco Blogs
腾讯CDC
P
Proofpoint News Feed
L
LINUX DO - 热门话题
C
Cisco Blogs
P
Palo Alto Networks Blog
Vercel News
Vercel News
P
Privacy International News Feed
爱范儿
爱范儿
Scott Helme
Scott Helme
L
Lohrmann on Cybersecurity
MyScale Blog
MyScale Blog
K
Kaspersky official blog
B
Blog RSS Feed
美团技术团队
Microsoft Security Blog
Microsoft Security Blog
O
OpenAI News
博客园 - 叶小钗
量子位
T
Tenable Blog
C
Cybersecurity and Infrastructure Security Agency CISA
J
Java Code Geeks
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
L
LINUX DO - 最新话题
F
Fortinet All Blogs
N
News | PayPal Newsroom
The Hacker News
The Hacker News
C
CXSECURITY Database RSS Feed - CXSecurity.com
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
博客园 - 【当耐特】
N
News and Events Feed by Topic
V
Visual Studio Blog
Google DeepMind News
Google DeepMind News
Last Week in AI
Last Week in AI

CyberScoop

Security researchers find stalkers abusing Chrome's sync feature SonicWall customers under threat as attackers exploit 2 zero-days Dems press DNI nominee Jay Clayton on election security questions, but leave dismayed Forget the model. When it comes to cybersecurity, it’s all about the harness White House details ‘Gold Eagle’ clearinghouse for AI cyber threats Microsoft discloses ‘the mother of all’ vulnerability loads, tripling June’s previous record Treasury sanctions First VPN Service, others for abetting ransomware gangs States are building their own election defense networks as federal support evaporates Europe strikes out against Russia’s Turla over espionage, ‘destructive attacks’ Officials once again warn defenders that Russian hackers are targeting network devices AI-generated code has made security debt a governance problem Armenian national pleads guilty to Ryuk ransomware attacks CISA looks to remedy ailments from big May credential leak Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail Interpol cybercrime crackdown nets 5,800 arrests across 97 countries 764 splinter group leader sentenced to 40 years in jail French nonprofit starts global intelligence and research hub for AI cyber threats Found fast, fixed slow: The gap the AI clearinghouse must close Spain arrests suspected hacker linked to Russian hacktivist campaign Deepfake CSAM lawsuit against xAI, Grok expands Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities US Army websites defaced with pro-Kurdish sentiments, insults to Trump Sysdig clocks first documented case of agentic ransomware Finding vulnerabilities was never the hard part Someone infected a spyware probe overseer with spyware Alleged longstanding member of Scattered Spider extradited to US Researchers spot exploitation of another critical Oracle defect U.S. lifting export control restrictions on Anthropic’s Mythos, Fable This phishing kit looks more like BEC-as-a-service Citrix patches a new NetScaler flaw with echoes of CitrixBleed Trump budget boss Russell Vought open to re-staffing CISA DHS to unveil replacement council for critical infrastructure cybersecurity Warner bill would create federally vetted list for secure, trustworthy AI agents Supreme Court approves mail-in ballots that arrive after Election Day Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling What the post-quantum executive order really demands of CISOs ATF cancels controversial commercial geolocation contract FCC passes new cybersecurity rules for emergency systems, undersea cables Federal court rules Trump election-focused executive order illegal Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack Why patch directives only go so far Malicious hackers exploit Cisco zero-day for highest access level at communications service provider In a first, a court takedown goes after two cybercrime tools at once Open-source security is posing challenges governments can't easily solve Justice Department seizes infrastructure used by cyber scam and criminal marketplace Algerian man charged with running two cybercrime marketplaces Court rules SAVE database illegal, orders it dismantled Trump executive orders speed up post-quantum migration, boost industry Intel agencies: Frontier AI models will reshape cybersecurity faster than expected Authorities disrupt Evil Corp’s SocGholish botnet Congress tees up No FAKES Act, aiming at AI-generated deepfakes How software development's speed obsession enabled TeamPCP’s chaos crusade Accenture shells out $4.18B on three companies in big industrial cybersecurity push Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in April Lawmakers leary about Trump administration’s Anthropic order AI’s constant patching treadmill can be a security problem A case for how to shape ‘ingredient lists’ for AI models Google exposes China espionage group that’s been lurking in networks undetected since 2023 Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat Anthropic disables new models after government calls them a national security concern FBI takes down massive China-based cybercrime network that caused $1.9B in losses US, France, and Italian authorities shut down massive deepfake porn site Conti ransomware group member pleads guilty, faces up to 20 years in prison ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw CyberCorps is adapting to AI. The budget isn’t keeping up. Russian national charged in connection with Void Blizzard espionage campaign OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers CISA directive orders agencies to prioritize vulnerability patching in a new way Microsoft breaks Patch Tuesday record with 206 vulnerabilities Anthropic’s new model is Mythos on a leash CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector Cisco customers encounter another SD-WAN zero-day under attack Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint The AI security race needs accountability, not overregulation Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away Hill Dems hammer GOP for $250M CISA budget cut Your AI agent could become your biggest insider threat Inside the race to adapt to an AI-powered security world European authorities crack down on illegal streaming networks DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels DOD wants to integrate cyber in all operations, and integrate security into AI Trump administration releases scaled-back AI executive order Anthropic expanding access to Project Glasswing Attackers are exploiting Palo Alto Networks defect that initially flew under the radar Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight USPS moving forward with mail-in ballot changes as courts weigh Trump’s election order Election threats are focused on campaign systems, not voting machines Tennessee man linked to 764 accused of series of crimes against children dating back to 2022 Federal audit reveals NIST’s NVD is plagued by poor planning and duplication House panel poised to hold hearing centered on AI impact on cyber Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket Zapier fixes bug chain that researchers say risked widespread account takeover OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain Apple open-sources quantum-resistant encryption code White House charts new course for federal agencies and cybersecurity logging Anthropic: Mythos finds more than 10,000 software flaws in first month
How ransomware syndicates weaponize corporate-style organization
Garrett Carstens · 2026-06-30 · via CyberScoop

Similar to the events that unfolded with the Conti ransomware group’s demise in 2022, leaked internal chat logs of the Black Basta cybercrime group last year gave us a peek behind the curtain of modern ransomware operations. We found that these groups have continued to evolve into highly sophisticated and organized syndicates, taking a corporate-style approach to extortion.

According to our analysis, Black Basta members carefully studied victims to launch advanced phishing and malware campaigns, exploit vulnerabilities and intimidate victims into paying via panic-triggering tactics. They were exceptionally organized: A call team responsible for social engineering schemes worked a set schedule from 6 p.m. to 2 a.m. Moscow time. Additional tasks were outsourced to third parties — malware services, phone operators and spammers — as if they were hiring contractors. Internal performance assessments weighed heavily in determining wages and ransom payment distributions to teams, just like profit sharing in the corporate world.

Before shutting down in 2025, Black Basta launched attacks against 520 victims in 39 industries using two dozen ransomware variants, collecting at least $107 million in bitcoin payments.

The leaked chat logs illustrate that ransomware — which now amounts to a $74 billion global industry annually — has matured far beyond its isolated, primitive beginnings. The negotiation phase has emerged as a deliberate part of the attackers’ business model, taking up to two weeks so they can escalate pressure while giving targeted organizations a narrow window to make coordinated decisions.

Negotiations are also becoming more customized to the victim, with tiered pricing models based on the company’s size, along with data audits of the compromised information with respect to value and sensitivity.

The entire modern ransomware experience appears sharply influenced by two ever-developing components:

Personalization. Reconnaissance and post-compromise assessments are driving how adversaries set and adjust their payoff demands. As part of the process, they look closely at revenue and financial position, contracts and customer relationships, board-level communications, backup and recovery capabilities, sensitivity levels of data and cyber insurance policy details. Cyber insurance actually acts as a “pricing signal,” lending insights into the victim organization’s financial means, willingness to pay and likely ransom amount boundaries during negotiations.

Pressure tactics. Multi-extortion execution is turning up the heat on targeted companies. This includes standard file encryption and data exfiltration, while adding layers like distributed denial-of-service (DDoS) attacks, operational disruption and third-party harassment. The aforementioned data audits give ransomware groups a more precise valuation of the stolen data, helping them further force victims to pay during negotiations.

The attackers will also intentionally manipulate deadlines to maximize their odds of success. They may first set a tight deadline to create urgency, then extend it if they sense doing so will result in a more certain payday. Or they could take the opposite approach by compressing deadlines from days to mere hours to inspire a panic-led decision to meet the ransom demand.

The presence of an increasingly expanding cybercriminal ecosystem enhances these personalization and pressure tactics, with ransomware groups able to hire internal workers or outside support for initial access, data theft, victim profiling, stolen data analysis, DDoS/harassment and payment facilitation. This reflects a broader shift toward specialization.

So how should organizations, typically the chief information security officer (CISO), respond? By incorporating the following best practices into their cyber defense strategies:

Understand the options and risks. Often CISOs must decide between two terrible options: pay a ransom or face reputational or operational damage. In some countries, sending money to a sanctioned entity is illegal, and though paying a ransom demand may not be universally illegal, it is regularly discouraged by law enforcement as it incentivizes future malicious activity. However, not paying a ransom could impact not only immediate operations, but also long-term organizational growth.

Understand the criminal ecosystem. Maintain awareness of ransomware trends. Track the new, the growing and the mature ransomware operations. Require the cyber threat intelligence (CTI) function to keep CISOs apprised of the ransomware threat. Through established relationships, CISOs should gather information about experiences from peer organizations who have previously been compromised.

Prepare and rehearse. Use all available information to prepare for a ransomware incident. This will allow CISOs to make better, cooler-headed decisions under pressure. They will be less inclined to treat negotiations as an improvised crisis situation and more as a scenario they have planned for and rehearsed, as assisted by threat intelligence.

In classic action moves like “Dog Day Afternoon,” “The Taking of Pelham One Two Three” and “Captain Phillips,” both victims and authorities spend considerable time analyzing their opponents. In modern ransomware incidents, CISOs and other leaders need to take a similar approach to understand how a broad criminal ecosystem, corporate-level structure, multi-extortion techniques, data audits, cyber insurance assessments and deadline manipulation come together to make for a more formidable opponent.

With this understanding, security teams gain insight into how they can more effectively conduct negotiations in real time. As a result, they will ensure their organizations survive these incidents with minimal operational damage and financial losses while discouraging cybercriminals from future attack attempts.