惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Palo Alto Networks Blog
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
有赞技术团队
有赞技术团队
The GitHub Blog
The GitHub Blog
C
Cisco Blogs
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
Recent Announcements
Recent Announcements
Simon Willison's Weblog
Simon Willison's Weblog
T
Tenable Blog
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
月光博客
月光博客
Latest news
Latest news
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
I
InfoQ
D
Darknet – Hacking Tools, Hacker News & Cyber Security
W
WeLiveSecurity
Hacker News - Newest:
Hacker News - Newest: "LLM"
酷 壳 – CoolShell
酷 壳 – CoolShell
U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
Google DeepMind News
Google DeepMind News
Apple Machine Learning Research
Apple Machine Learning Research
Attack and Defense Labs
Attack and Defense Labs
罗磊的独立博客
T
The Exploit Database - CXSecurity.com
I
Intezer
GbyAI
GbyAI
Jina AI
Jina AI
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Blog — PlanetScale
Blog — PlanetScale
博客园 - 司徒正美
Google Online Security Blog
Google Online Security Blog
Engineering at Meta
Engineering at Meta
D
Docker
Recent Commits to openclaw:main
Recent Commits to openclaw:main
小众软件
小众软件
云风的 BLOG
云风的 BLOG
爱范儿
爱范儿
Project Zero
Project Zero

Threat Intelligence – ThreatDown by Malwarebytes

Prinz Eugen ransomware: a deep dive into a new Go-based encryptor - ThreatDown by Malwarebytes CastleRAT attack first to abuse Deno JavaScript runtime to evade enterprise security Machine-scale cybercrime: The 2026 State of Malware report How to prevent a rootkit attack AI-orchestrated cyberattacks Inside EDR-Freeze: How ThreatDown stops the attack before it spreads EDR vs MDR vs XDR – What’s the Difference? KMSpico explained: No, KMS is not “kill Microsoft” When you shouldn’t trust a trusted root certificate - ThreatDown by Malwarebytes Ransomware in March 2025
Ransomware in April 2025—RansomHub is gone
Mark Stockley · 2025-05-07 · via Threat Intelligence – ThreatDown by Malwarebytes
Ransomware review

While DaVita and Marks & Spencer reel from devastating attacks, the most dominant ransomware group of the last year has disappeared.

In April 2025, dialysis giant DaVita suffered a high-impact ransomware attack at the hands of the lesser-known “Interlock” gang. Oregon’s state environmental agency refused to pay a $2.5 million ransom, so the attackers retaliated by leaking confidential patient data stolen from the company.

Around the same time, one of the UK’s biggest retailers, Marks & Spencer, was forced to suspend its online orders after a “cyber incident” disrupted its e-commerce operations. Bleeping Computer reports that the threat actors behind the attack are believed to be part of the Scattered Spider network. The publication believes that the threat actors cracked password hashes from a stolen NTDS.dit database to allow lateral movement through the organization, before using the DragonForce encryptor to attack VMware ESXi hosts.

In Germany, recycling company Eu-Rec GmbH filed for insolvency after being attacked by the SafePay ransomware group.

Known ransomware attacks by group, April 2025

The most startling feature of April’s known ransomware attacks by group chart is the absence of the RansomHub group, which emerged as the successor to LockBit and ALPHV in 2024 as the most dominant ransomware gang.

The RansomHub dark web leak site is currently down, and it’s reported that the DragonForce ransomware group recently announced on its own leak site that RansomHub had “decided to move to our infrastructure.” Currently, the DragonForce leak site simply says “We will be up soon”.

The RansomHub dark web leak site is currently down.
The RansomHub dark web leak site is currently down.
The DragonForce dark web leak site is giving nothing away.
The DragonForce dark web leak site is giving nothing away.

In April, the USA remained by far the most actively targeted country.

Known ransomware attacks by country, April 2025

Manufacturing was the most attacked sector in April 2025, surpassing even the technology sector. The number of attacks on manufacturing has increased steadily over the last few years.

Known ransomware attacks by industry, April 2025

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

To learn more about ransomware and how to defend against the Living Off the Land tactics used by ransomware gangs, download the 2025 State of Malware report.