Latest updates for Ransomware

Fresh curated links around ransomware are collected here so marketers can spot useful updates and turn timely ideas into posts faster.

Recent items include:

  • The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
  • GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
  • INC Ransomware Uses Rust-Based Windows and Linux/ESXi Encryptors in New Attacks

Post angles to try

Share the most useful takeaway for your audience.
Turn one article into a quick practical checklist.
Ask your audience how this shift affects their work.
Turn angles into scheduled posts

Fresh articles and ideas

Recent curated links from global sources. Generate one free draft from any story, then use SocialBu to schedule and refine your content calendar.

thehackernews.com /1 month ago

The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion at...

Read source
thehackernews.com /6 days ago

GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses

Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion...

Read source
cybersecuritynews.com /3 weeks ago

INC Ransomware Uses Rust-Based Windows and Linux/ESXi Encryptors in New Attacks

INC ransomware has grown from a newcomer threat into one of the most dangerous ransomware operations worldwide. What began as an emerging criminal group in mid-2023 has claimed ove...

Read source
news.bitcoin.com /4 days ago

Ransomware Hacker Pleads Guilty After $15M Bitcoin Extortion Scheme

Federal prosecutors alleged a Ryuk ransomware operation extracted more than $15 million in bitcoin from U.S. organizations. An Armenian national admitted participating in attacks t...

Read source
computerra.ru /3 weeks ago

Новый вирус-вымогатель использует оригинальную тактику атаки

Источник: Компьютерра - Журнал о науке и технологиях Новый вредонос обрабатывает недавно измененные файлы и даже не оставляет на зараженной системе записку с требованием выкупа. Э...

Read source
gbhackers.com /1 week ago

JADEPUFFER Agentic Ransomware Uses LLM to Automate Database Extortion

The first instance of agentic ransomware: JADEPUFFER, an LLM-driven extortion operation that automated an end-to-end database-crippling campaign. The actor gained execution on an i...

Read source
techcrunch.com /5 days ago

Florida ransomware negotiator convicted for helping ransomware gang extort US companies

A third ransomware negotiator has been jailed for helping a notorious ransomware group extort American victim companies into paying the hackers.

Read source
computerweekly.com /1 month ago

The Gentlemen emerging as key ransomware player

An emerging ransomware crew known as The Gentlemen is becoming a force to be reckoned with, according to NCC’s latest monthly threat data

Read source
theregister.com /1 week ago

Smooth AI criminal drives 'first' end-to-end agentic ransomware attack

Don't count on the LLM to return your data - even if you pay up

Read source
cybersecuritynews.com /1 month ago

Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges

A newly analyzed ransomware strain called The Gentlemen is raising serious alarms across the cybersecurity community. Built in the Go programming language and obfuscated with a too...

Read source
thehackernews.com /3 weeks ago

INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023

Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming...

Read source
gbhackers.com /1 week ago

Go-Based Gentlemen Ransomware Uses PsExec, WMIC, and PowerShell Remoting for Network Propagation

Gentlemen, a Go-based ransomware-as-a-service (RaaS) active since mid-2025, has distinguished itself with a potent combination of modern cryptography, aggressive worm-like propagat...

Read source
zdnet.com /1 week ago

Why this fully agentic ransomware attack is giving researchers nightmares

JadePuffer could be the first reported case of a ransomware attack driven by AI from start to finish. How can businesses respond?

Read source
cybersecuritynews.com /1 week ago

The Gentlemen Ransomware Uses 21 Remote Execution Techniques to Encrypt Entire Networks

A new ransomware strain called The Gentlemen has emerged as one of the more aggressive threats tracked this year, combining strong encryption with a self-spreading worm engine that...

Read source
arstechnica.com /5 days ago

Ransomware negotiator hired to represent victims was working for the attackers

Six years in prison for man who "sold out the very victims he was hired to represent."

Read source
thehackernews.com /1 week ago

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiati...

Read source
inc.com /1 month ago

The Surprising Tactic Your Company Should Use If It’s the Victim of a Ransomware Attack

Ransomware attacks increased last year. But you may have more options than you think if you’re hit by one.

Read source
gbhackers.com /1 month ago

Ransomware Abuses SYSTEM Task to Encrypt Drives with Elevated Privileges

A newly analyzed ransomware strain, “The Gentlemen,” is raising concern among security researchers due to its ability to combine strong encryption with aggressive lateral movement....

Read source
techcrunch.com /1 month ago

Google and FBI warn of ransomware group that sends fake IT workers to hack victims in person

Cybercriminals, part of a gang known as Silent Ransom Group, have sent people pretending to be IT support employees to law firms' offices, where the criminals have stolen data usin...

Read source
cybersecuritynews.com /6 days ago

GodDamn Ransomware Rebrands From Beast and Uses PoisonX Driver to Disable Defenses

GodDamn ransomware has emerged as a serious threat, marking the third rebrand of a family that has quietly evolved since 2022. What makes this variant stand out is not just its enc...

Read source
hackread.com /1 week ago

Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation

A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat.

Read source
thehackernews.com /1 week ago

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUF...

Read source
fastcompany.com /19 hours ago

Ransomware attacks rose 20% in the first half of 2026

Hackers leaned further into ransomware in the second quarter of 2026, with a surge of new attacks led by two competing ransomware-as-a-service groups. A new report  from NordSte...

Read source
blog.knowbe4.com /1 week ago

INC Ransomware Gang Targets the Legal Sector

The INC ransomware-as-a-service (RaaS) operation has grown into one of the premier ransomware offerings, claiming hundreds of victims in 2026 alone, according to researchers at Acr...

Read source

Turn fresh research into a full content calendar

Use SocialBu to discover ideas, generate post drafts, and schedule them across your social channels.

Sources covering Ransomware

feeds.arstechnica.com

Recent coverage from public sources
Public source

computerweekly.com

Recent coverage from public sources
Public source

blog.knowbe4.com

Recent coverage from public sources
Public source

cybersecuritynews.com

Recent coverage from public sources
Public source

feeds.feedburner.com

Recent coverage from public sources
Public source

gbhackers.com

Recent coverage from public sources
Public source