Ransomware Groups Continue to Push It to the Limit

Ransomware remains a persistent and ever-evolving threat to businesses of all sizes and sectors. While the tactics, techniques, and procedures (TTPs) may vary, the end goal is often the same – a substantial payday.
After months of silence, LockBit recently reemerged with an announcement of its “LockBit 5.0 Affiliate Program,” which grants its affiliates the ability to target critical infrastructure usually off-limits under standard ransomware-as-a-service (RaaS) rules. Shortly after LockBit reentered the ransomware scene, three well-known groups—Qilin, LockBit, and DragonForce—announced they were forming an alliance. Their goal is to collaborate and share techniques, infrastructure, and resources.
Another cybercrime group known for deploying ransomware, Storm-1175, has been exploiting CVE-2025-10035, a vulnerability in GoAnywhere MFT that enables remote code execution, as part of a multi-stage attack. After gaining access, they installed remote device management tools, such as SimpleHelp and MeshAgent, to allow them to drop web shells and move laterally across networks using Windows utilities. In one attack, they were able to drop Rclone and Medusa ransomware.
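For defenders, the sequence described above (a remote management agent appearing on a host, followed by Rclone) can be hunted for in process-creation logs. The following is an added example, not code from the original article: the log format, hostnames, paths, marker substrings and the 24-hour window are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Marker substrings are assumptions for illustration; binaries can be renamed,
# so production rules should also match on hashes, signers or network behaviour.
RMM_MARKERS = ("simplehelp", "meshagent")
TRANSFER_MARKERS = ("rclone",)
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed process-creation events: "timestamp|host|command line"
SAMPLE_EVENTS = """\
2025-01-01T09:00:00|mft01|C:\\ProgramData\\MeshAgent\\MeshAgent.exe
2025-01-01T09:40:00|mft01|C:\\Windows\\System32\\netstat.exe -ano
2025-01-01T11:15:00|mft01|C:\\Users\\Public\\rclone.exe copy D:\\share remote:bucket
2025-01-01T10:00:00|ws07|C:\\Tools\\rclone.exe sync C:\\backup remote:backup
2025-01-01T08:00:00|db02|C:\\Program Files\\SimpleHelp\\service.exe
2025-01-03T12:00:00|db02|C:\\Temp\\rclone.exe copy E:\\data remote:x
"""

def parse_events(text):
    """Parse pipe-delimited lines into (timestamp, host, lowercased command)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, cmd = line.split("|", 2)
        events.append((datetime.fromisoformat(ts), host, cmd.lower()))
    return sorted(events)  # chronological order, regardless of log order

def find_rmm_then_transfer(events, window=WINDOW):
    """Flag hosts where Rclone runs within `window` after an RMM agent starts."""
    last_rmm = {}  # host -> time the most recent RMM agent was seen
    alerts = []
    for ts, host, cmd in events:
        if any(m in cmd for m in RMM_MARKERS):
            last_rmm[host] = ts
        elif any(m in cmd for m in TRANSFER_MARKERS):
            seen = last_rmm.get(host)
            if seen is not None and ts - seen <= window:
                alerts.append((host, seen.isoformat(), ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for host, rmm_time, transfer_time in find_rmm_then_transfer(parse_events(SAMPLE_EVENTS)):
        print(f"{host}: RMM agent at {rmm_time}, Rclone at {transfer_time}")
```

Only `mft01` is flagged: `ws07` runs Rclone with no preceding RMM agent, and on `db02` the two events fall outside the window.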
Ransomware attacks are typically opportunistic, and a wide range of businesses have become victims. Asahi Group Holdings, a Japanese brewery and food giant, recently experienced an attack on its manufacturing operations, with Qilin RaaS claiming responsibility for the incident. While Asahi immediately shut down operations and isolated affected systems, it is still working to fully restore its systems and get everything back online.