Joint customers utilizing Rubrik for immutable backup are recommended to utilize Rubrik in-place recoveries for impacted Windows VMware Virtual Machines (VMs), standard VM restores for Azure VMs, AWS EC2 instances, and live mounts for Hyper-V and AHV VMs. For VMware VMs this significantly reduces the recovery time by only recovering the changed blocks required to revert the VM to a snapshot before the 04:09 UTC CrowdStrike host update.

New data puts the spotlight on the frequency and impact of modern ransomware attacks, highlighting the overconfidence organizations are showing in their ability to defend and respond to attacks. If you’re like one of the organizations surveyed in Halcyon’s latest Ransomware CISO Survey report, the findings were quite eye opening.

Read also: Global law enforcement op strikes West African cybercrime, the Astrostress operator gets a prison sentence, and more.

The ransomware attack against UnitedHealth Group’s Change Healthcare platform is expected to cost the company up to $2.45 billion, more than a billion dollars more than was previously estimated, Cybersecurity Dive reports. The incident has already cost the firm nearly $2 billion.

The ViperSoftX info-stealing malware has evolved, now utilizing the common language runtime (CLR) to covertly execute PowerShell commands within AutoIt scripts. This sophisticated approach allows ViperSoftX to bypass traditional security measures and remain undetected, posing a significant threat to cybersecurity. Leveraging CLR and AutoIt for Stealth Operations CLR, a core component of Microsoft’s.NET Framework, functions as the execution engine for.NET applications.

In a startling development, the Akira ransomware gang has demonstrated a dramatic reduction in the time it takes to exfiltrate data from compromised servers. According to the BlackBerry Threat Research and Intelligence Team, this cybercriminal group managed to steal data from a Veeam server in just over two hours during a June attack on a Latin American airline.

The CDK Global ransomware attack was first reported in June 2024. Ransomware infected CDK Global, a software vendor that serves thousands of North American car dealerships. This ransomware attack affected over 10,000 U.S. car dealerships, their employees and their customers.

APT40 rapidly exploits network vulnerabilities, CloudSorcerer APT targets Russian organizations, and Eldorado threatens Windows and Linux systems.

A new strain of the HardBit ransomware has emerged in the wild. It contains a protection mechanism in an attempt to prevent analysis from security researchers.

Analysis of new ransomware group Volcano Demon provides a detailed look into how and why calling victims ups the chances of ransomware payment. Security researchers at Halcyon have uncovered a new ransomware threat group that initially follows traditional methods – harvesting admin credentials, data exfiltrated to a C2 server, logs cleared and data was encrypted using LukaLocker. However, Volcano Demon attacks take a different direction in the extortion phase.