On Nov. 7, the ALPHV ransomware group targeted the network of financial services company MeridianLink and, according to the group, stole files. No encryption was involved but, the group claims, MeridianLink was aware that the attack had happened. A communication took place between the attackers and the company, but no ransom was paid. So far, […]

Who are the people the ransomware groups most rely on for their business model? Most commentators fall back on the conventional view that the ransomware industry’s main protagonists are the clever but amoral hacker masterminds looking to make big bucks. But occasionally we get a glimpse that what’s inside the criminality’s black box might be […]

Imagine a world where ransomware victims across the globe simply refused to pay their attackers. In theory, the attackers would quickly realize their extortion business model no longer made any sense. As has been widely observed, victims who pay attackers simply fuel the next wave of ransomware. It follows from this that as long as […]

Spend any time studying official cyberattack disclosures and two words that crop up with striking regularity are “sophisticated” and “targeted.” Every attack is said to be sophisticated just as every attack is either targeted or even highly targeted. These terms have been a common element in press releases and regulatory disclosures ever since cyberattack incidents […]

On Oct. 17, a triumphant message suddenly appeared on the official dark web leak page of the Trigona ransomware group. Later copied to X (formerly Twitter) by a group calling itself the Ukrainian Cyber Alliance, it read as follows: “Trigona is gone! The servers of the Trigona ransomware gang has been exfiltrated and wiped out.” […]