#Ransomware

Russian ransomware gang exploited CVE-2025-61882 to steal SSNs and financial data from the college. The same vulnerability hit Harvard, UPenn, and 100+ organizations.

The Russian-linked gang led all ransomware groups on January 6 with attacks spanning wine distributors, art logistics, and medical practices across three countries.

Aurora College in Canada's Northwest Territories cancels all classes January 5-9 after cyber attack over Christmas break takes down servers, email, and e-learning systems.

New Year's Eve attack on Sedgwick Government Solutions compromises file transfer system serving DHS, CISA, and ICE. TridentLocker claims 3.4GB of stolen data.

After ASUS missed ransom deadline, Everest releases complete data trove including ROG source code, Qualcomm SDKs, and ArcSoft files on cybercrime forums.

ManageMyHealth confirms Kazu ransomware gang compromised Health Documents module, threatening to leak 108GB of medical records unless $60,000 ransom is paid.

Beyond CVSS scores, these vulnerabilities caused the most damage in 2025—from nation-state exploitation to mass ransomware campaigns and breaches affecting millions.

Oltenia Energy Complex shut down IT systems on December 26 after a ransomware attack encrypted critical documents and disrupted ERP, email, and web operations.

Ransomware group says it exfiltrated over a terabyte of Chrysler customer data including Salesforce records and recall case narratives. Threatening to publish in days.

Ransomware tracking data shows 63 total claims from 6 groups on December 26. LockBit's revival dominates holiday attack wave targeting reduced security staff.

David Stern, the sole employee running CISA's ransomware early warning initiative, resigned December 19 after being ordered to relocate. The program had sent 2,100+ alerts in 2024.

Month-long operation across 19 African nations recovers $3 million, takes down 6,000 malicious links, and decrypts six ransomware variants.

Akira ransomware gang exploited known SonicWall vulnerability to hit fintech vendor serving 700+ banks and credit unions. SSNs and card numbers stolen.

Oracle E-Business Suite zero-day exploitation adds another victim to Clop's CVE-2025-61882 campaign. SSNs and bank account numbers among exposed data.

Artem Stryzhak admits role in double-extortion ransomware attacks targeting large US and European companies from 2018 to 2021.

A Sygnia IR manager and DigitalMint negotiator admitted to deploying BlackCat ransomware while employed to help victims respond to such attacks.

Attackers weaponized Windows BitLocker to encrypt systems across Romanian Waters, impacting 10 of 11 river basin management organizations.

From the largest cryptocurrency heist in history to nation-state espionage campaigns targeting critical infrastructure, 2025 redefined the cyber threat landscape.

CVE-2025-55182 exploitation escalates as Weaxor ransomware operators use critical React Server Components flaw for initial access across 60+ organizations.