extortion Archives

Winsage

April 3, 2026

Man admits to locking thousands of Windows devices in extortion plot

A former core infrastructure engineer, Daniel Rhyne, admitted to locking Windows administrators out of 254 servers during an extortion attempt against his employer in Somerset County, New Jersey. Rhyne accessed the company's network without authorization from November 9 to November 25, deleting network admin accounts and altering passwords for 13 domain admin accounts and 301 domain user accounts to "TheFr0zenCrew!". He also scheduled tasks to modify passwords for two local admin accounts affecting 3,284 workstations and planned to shut down random servers and workstations in December 2023. On November 25, he sent a ransom email demanding 20 bitcoin, claiming IT administrators were locked out and server backups erased. Forensic investigators found he used a concealed virtual machine to plan his actions. Rhyne was arrested on August 27 and faces charges related to hacking and extortion, with a potential maximum sentence of 15 years in prison.

TrendTechie

March 12, 2026

Хакер уничтожил крупнейший французский торрент-трекер и обвинил владельцев в хранении данных кредитных карт миллионов пользователей

YggTorrent, a prominent French private torrent tracker launched in 2017, was reportedly destroyed by a hacker known as Gr0lum in early March, leaving 6.6 million users affected. Gr0lum accused the YggTorrent administration of engaging in DDoS attacks against competitors, purging dissenting uploaders, and sabotaging their own API. In 2025, YggTorrent introduced a Turbo subscription model that hampered downloads, leading to user criticism. Following its downfall, YggTorrent has made a tentative return as a countdown website, with the administration denying all allegations and asserting that databases and backups were not destroyed. The French piracy community remains skeptical of these claims.

Tech Optimizer

February 19, 2026

The 5 Biggest Cybersecurity Threats to Watch in 2026: Is Your Business Safe From These Looming Dangers? – Travel And Tour World

In 2026, cybersecurity has evolved significantly, necessitating organizations to prioritize five critical threats identified by expert Danny Mitchell from Heimdal: 1. AI Vulnerabilities: Attackers can manipulate machine learning models by introducing corrupted data, leading to dangerous decisions by AI systems. 2. Cyber-Enabled Fraud and Phishing: Phishing attacks have become more sophisticated with AI, using deepfake technology to impersonate individuals and evade detection. 3. Supply Chain Attacks: Cybercriminals exploit vulnerabilities in software libraries and vendor relationships, compromising trusted software updates and access credentials. 4. Software Vulnerabilities: The rapid discovery of software vulnerabilities outpaces patching efforts, leaving systems exposed to attacks, especially legacy systems. 5. Ransomware Attacks: Modern ransomware employs double extortion tactics, encrypting and stealing data, pressuring businesses to comply with ransom demands. Mitchell recommends strategies such as auditing AI systems, implementing multi-channel verification, securing supply chains, prioritizing patch management, and developing ransomware response plans to combat these threats.

Tech Optimizer

February 16, 2026

What is the best PC antivirus for 2026: Acronis True Image vs. competitors

In 2026, traditional antivirus solutions are becoming outdated due to the rise of sophisticated cyber threats, including AI-driven ransomware and advanced phishing schemes. The FBI Internet Crime Report states that cybercrime losses exceeded .5 billion in 2023, with projections by Cybersecurity Ventures estimating costs could reach trillion annually by 2025. Research from IBM shows that organizations without a tested recovery plan face higher costs and longer downtimes. Built-in protections like Windows Defender and MacOS XProtect offer basic security but may leave gaps, necessitating comprehensive third-party antivirus solutions. Acronis True Image is highlighted for its unique combination of real-time malware protection and full system backup capabilities, enabling users to recover quickly from incidents. Other leading antivirus solutions, such as Norton 360, Bitdefender, McAfee, and Kaspersky, excel in threat prevention but lack integrated recovery options. Acronis emphasizes the importance of both security and continuity, preparing users for both cyber incidents and everyday failures.

Winsage

February 11, 2026

Windows shortcut files targeted by ransomware gang Global Group

The Global Group ransomware operates in a mute mode, executing all activities locally on the compromised system without communicating with a command and control server. It generates the encryption key directly on the host machine, meaning no data is exfiltrated despite claims in its ransom note. This method streamlines the attack process, minimizes detection risks, and allows for quicker execution of attacks, targeting more victims while making data exfiltration unnecessary for compelling ransom payments.

Winsage

February 11, 2026

Global Group ransomware gang running new campaign using Windows shortcut files

The Global Group ransomware operates entirely in silent mode, executing all activities locally on the compromised system without relying on a command and control server. It generates the encryption key directly on the host machine, resulting in no actual data exfiltration despite claims in its ransom note. This approach allows for quicker attacks, targeting a broader range of victims while reducing detection risk. The act of encryption alone can compel payment due to significant operational downtime for affected organizations.

Tech Optimizer

December 3, 2025

Wacatac Trojan: What Is It And How To Remove It

The Wacatac Trojan is a type of malware first documented in January 2020, known for disguising itself as benign software to trick users into installation. It operates under various aliases, including Trojan:Script/Wacatac and Trojan:Win32/Wacatac, and can connect to Command-and-Control (C2) servers for remote manipulation. Its capabilities include stealing credentials, evading antivirus detection, creating or joining botnets, causing system damage, enabling spyware functions, acting as Remote Access Tools (RATs), and downloading additional malware. Symptoms of infection include sluggish performance, program failures, unexplained storage reductions, and unfamiliar processes. Wacatac spreads through unofficial software, malicious web pages, and phishing emails. Removal is best achieved using reputable antivirus software, while prevention involves avoiding questionable downloads, practicing good digital hygiene, keeping software updated, backing up data, and using quality antivirus solutions. False positives can occur, where legitimate programs are mistakenly flagged as Wacatac.

Tech Optimizer

December 2, 2025

When AI Breaks Bad: The Rise of Ransomware and Deepfakes

Artificial Intelligence (AI) is transforming the cybersecurity landscape by enabling sophisticated cyberattacks, such as ransomware and deepfakes. Ransomware has evolved from manual coding to AI-driven automation, making attacks more efficient and harder to stop. AI automates the targeting of victims by analyzing large datasets to identify vulnerabilities. Machine learning allows malware to change its form to evade detection, and ransomware can operate autonomously within networks. Phishing attacks have become more convincing through AI-generated messages that mimic real communications. Deepfakes can create realistic impersonations, leading to financial fraud and extortion, as demonstrated by a 2024 incident resulting in a million loss. Deepfakes also pose risks for manipulation and disinformation, affecting public perception and market dynamics. On the defensive side, AI is utilized in cybersecurity to detect and prevent attacks through anomaly detection, zero-trust security models, and advanced authentication methods. Human training and awareness are crucial for recognizing AI-generated threats. Effective defense requires regulations, shared accountability, and preparedness within organizations, including continuous monitoring and employee training. Collaboration between public agencies and private security firms is essential for a robust response to cyber threats.

AppWizard

November 14, 2025

Google warns Android users: Don’t install these apps on your phone!

Google has warned Android users to be cautious when downloading applications from the Google Play Store, particularly those pretending to be VPN services, as they may contain malware. This warning is prompted by new age verification laws in the UK and Italy, which have led minors to seek VPN apps to bypass adult content restrictions, creating an opportunity for cybercriminals to offer fake VPN services. These fraudulent apps can deploy various types of malware, including info-stealers and banking trojans, compromising personal data and financial credentials. Google highlighted that threat actors use sophisticated advertising strategies to distribute these malicious applications, often impersonating trusted brands or using social engineering tactics. To protect against these threats, users are advised to download VPN services only from reputable sources, avoid apps promoted through ads, and pay attention to app permissions. Google Play Protect and a special VPN badge can help identify legitimate apps.

AppWizard

November 4, 2025

Malicious Android apps on Google Play downloaded 42 million times

The Android ecosystem has seen a significant rise in malicious applications, with over 40 million harmful apps downloaded from Google Play between June 2024 and May 2025. There has been a 67% year-over-year increase in malware targeting mobile devices, particularly spyware and banking trojans. Cybercriminals are shifting tactics from card fraud to mobile payment exploitation, employing phishing, smishing, SIM-swapping, and payment scams. Banking malware transactions reached 4.89 million in 2025, with a slowed growth rate of 3%. Malicious applications increased from 200 to 239, totaling 42 million downloads, with adware now accounting for 69% of all detections. Spyware has surged by 220% year-over-year, with India, the U.S., and Canada being the most affected countries. Notable malware families include Anatsa, which targets financial institutions, Android Void (Vo1d), which affects Android TV boxes, and Xnotice, which targets job seekers. IoT devices, particularly routers, are also being exploited, with the majority of attacks occurring in the U.S. Zscaler recommends implementing security measures such as regular updates, trusting reputable publishers, and adopting zero-trust technology for organizations.