Interlock, a ransomware intrusion set first observed in September 2024, has steadily carved a niche for itself within the cybercriminal landscape. Unlike many well-known groups, Interlock does not operate under the typical "Ransomware-as-a-Service" (RaaS) model. As of March 2025, there are no public advertisements or indications of affiliate recruitment linked to this group, distinguishing it from larger, more commercialized ransomware operations.
A novel ransomware strain named Ymir has emerged, encrypting systems previously compromised by the RustyStealer malware. RustyStealer, a credential-harvesting tool initially documented in 2021, is now being used to facilitate ransomware deployment, reflecting an increasing trend of collaboration among cybercriminal operations.
A significant ransomware attack has recently exploited vulnerabilities in CyberPanel, affecting over 22,000 instances globally. PSAUX ransomware leveraged a critical security flaw, leaving these web hosting control panels compromised and effectively taken offline. Here’s an overview of the vulnerabilities exploited, the ransomware’s impact, and steps for mitigation.
The Knight ransomware is being distributed through an ongoing spam campaign that poses as TripAdvisor complaints to conceal its malicious intent. The ransomware itself is a revamped version of the Cyclop Ransomware-as-a-Service. The rebranding took place at the close of July 2023, marking a shift from its previous identity.
In the realm of cybersecurity, ransomware remains a persistent and evolving threat, wreaking havoc on organizations and individuals alike. Microsoft's recent revelations about the BlackCat ransomware's latest version, the Sphynx ransomware, illuminate the ever-advancing tactics employed by cybercriminals.