Ransomware

Ransomware attacks, gangs, decryptors

11 stories

Very Bearish 7

Scattered Spider teens jailed 5.5 years for £29M TfL attack – extradition looms

Two UK teenagers, core members of the Scattered Spider hacking group, have been sentenced to 5.5 years for a £29 million cyber attack on Transport for London. The case demonstrates the group’s social engineering prowess and the role of cryptocurrency tracing in identifying attackers, while one hacker now faces extradition to the US for $87 million in extortion.

Very Bearish 6

Fairlife ransomware attack halts production: No gang claims $4B Coca-Cola unit

The ransomware attack on Coca-Cola's Fairlife subsidiary has shut down US dairy production, with the company's SEC filing revealing a breach of production systems. No threat actor has claimed responsibility, and the investigation is ongoing, raising questions about data exfiltration and potential extortion. Cybersecurity experts note parallels to past food sector attacks that caused weeks of disruption.

Verified by 2 sources
Bearish 8

AI-run ransomware encrypts 1,300+ configs in 31-second attack

Sysdig’s JadePuffer attack marks the first agentic ransomware, with an AI autonomously encrypting over 1,300 records in a real incident. Human operators still set up the infrastructure, signaling a new era of human-AI teaming in cybercrime. Defenders must prepare for machine-speed attacks that adapt within seconds.

Verified by 2 sources
Neutral 5

Ransomware hits Kee Wah Bakery: 3 data categories at risk in Hong Kong

Hong Kong’s Kee Wah Bakery suffers a ransomware attack, potentially exposing employee, partner and customer data. The incident, reported to regulators, highlights growing supply chain and third‑party risks in the region’s digitally connected food retail sector.

Verified by 2 sources
Neutral 6

Ransomware Paradox: Global Volume Drops as CL0P and The Gentlemen Surge

While global ransomware incident volume has seen a notable decline in early 2026, specialized threat actors like CL0P and The Gentlemen are bucking the trend with aggressive campaigns. This shift indicates a strategic move away from high-volume encryption toward sophisticated, high-value data exfiltration and targeted extortion.

Verified by 2 sources
Bullish 7

Ransomware Payment Rates Hit Record Low of 28% Amid Surge in Attacks

The percentage of ransomware victims opting to pay ransoms has plummeted to an all-time low of 28%, even as the total volume of attacks continues to climb. This trend signals a major shift in corporate resilience and a growing refusal to fund the cybercriminal ecosystem.

Verified by 2 sources
Very Bearish 8

UMMC Ransomware Attack Forces Statewide Clinic Closures and Surgery Delays

The University of Mississippi Medical Center has shuttered approximately 36 clinics and canceled elective procedures following a major ransomware attack. The disruption, entering its second day, highlights the critical vulnerability of regional healthcare infrastructure to digital extortion.

Verified by 2 sources
Very Bearish 8

UMMC Shuts Down All Clinics Following Major Ransomware Attack

The University of Mississippi Medical Center (UMMC) has suspended operations across its entire clinic network following a disruptive ransomware attack. The shutdown highlights the critical vulnerability of academic medical centers and the extreme measures required to contain modern cyber threats.

Verified by 2 sources
Very Bearish 8

UMMC Shuts Down Statewide Clinics Following Major Ransomware Attack

The University of Mississippi Medical Center (UMMC) has suspended operations across its entire network of clinics following a disruptive ransomware attack. The incident has forced the state's only academic medical center to transition to manual processes and divert non-emergency patients, highlighting the persistent vulnerability of critical healthcare infrastructure.

Verified by 2 sources
Bearish 6

Advantest Responds to Ransomware Attack on Semiconductor Testing Systems

Japanese semiconductor testing giant Advantest has confirmed a ransomware incident affecting its corporate network and potentially compromising sensitive data. The company is currently investigating the scope of the breach and has pledged direct notification to any affected customers or employees.

Verified by 2 sources
Very Bearish 8

LockBit 5.0 Debuts as 0APT Claims Massive Unverified Ransomware Campaign

The ransomware landscape is undergoing a significant shift as the LockBit cartel launches its 5.0 iteration with cross-platform capabilities, while a mysterious new entity, 0APT, claims over 200 victims without providing proof of data theft. These developments highlight a dual-track evolution of high-end technical sophistication and aggressive, volume-based psychological warfare.

Verified by 2 sources

About Cybersecurity Ransomware coverage

According to our own tracking database, this category has accumulated 11 ransomware stories since coverage began. This page aggregates the latest ransomware stories within our cybersecurity coverage area. Every story is cross-referenced across multiple primary sources, scored for sentiment and operational impact, and timestamped so fresh developments surface first. We track ransomware attacks, gangs, decryptors and surface the angles a domain expert would actually read.

Story selection follows our editorial methodology — impact scoring weights regulatory, financial, and operational developments distinctly. Sentiment is classified across five tiers via supervised classification trained on labeled industry corpora. See our glossary for term definitions and our trends index for longitudinal patterns across the cybersecurity beat.

SignalWhat it tells you
Verified by N sourcesConfidence the story isn't a single-source rumor — N≥2 means the development is independently corroborated.
Impact score (1-10)Estimated regulatory, financial, or operational impact. 8+ indicates a story experienced operators should act on.
SentimentFive-tier classification (very bullish through very bearish) trained on labeled cybersecurity-specific corpora.
Time stampRecency. Fresh stories (under 1h) render with a highlighted timestamp; stale stories (≥24h) render dimmed.