CyberheistNews Vol 15 #30 | July 29th, 2025
[Heads Up] Ransomware is Back—and Smarter Than Ever in 2025: Trends
By Roger Grimes
I have been following ransomware since the first one, the AIDS Cop Trojan, was launched in December 1989. It locked up victim computers and asked for $300 to be sent to a Panama P.O. Box. A lot has changed since then.
The invention of cryptocurrencies, particularly Bitcoin in January 2009, was largely responsible for the explosion of ransomware by September 2013. This was when CryptoLocker ransomware was released to the world. Ransomware gangs have been making many billions of dollars per year ever since.
The “double extortion” phase of ransomware, where ransomware gangs first exfiltrated data and logon credentials, began in November 2019. Now, well over 90% of ransomware exfiltrates data. Forty percent (40%) of ransomware gangs only do data exfiltration (without the encryption threat) to get paid.
There was a slight “down year” in ransomware payments in 2022, and everyone wondered whether the world had finally started to get ransomware under control. But it was a one-year anomaly and ransomware payments were higher than ever in 2023. But then they fell again, significantly, in 2024 according to Chainalysis.
Are we starting to make a dent in ransomware? Possibly. There have been dozens of major successful law enforcement actions and sanctions against ransomware gangs and members. Collectively, this has really blown apart many ransomware groups, resulting in infighting and dissolution within many of the remaining groups. Will this result in fewer attacks and lower ransom payments in 2025?
We will see.
While we wait, here are some notable ransomware trends in 2025:
- Ransomware gangs have been exploiting more software and firmware vulnerabilities over the past few years. (Social engineering is still the top initial access method by far, but by a few percentage points less.)
- Use CISA’s Known Exploited Vulnerability Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) to make sure you are patched.
- Average ransom paid (if paid) was just over $500K. Median payment was under $250K.
- Fewer victims are paying the ransom than ever before. Payment rates that used to be near 70% of all ransomware victims are now down to 25%, and that’s part of a long downward trend.
- Ransomware gangs are morphing into data breach gangs, focusing on compromising large amounts of data for ransom or resale.
[CONTINUED] Blog post with links:
https://blog.knowbe4.com/ransomware-trends-in-2025
[Live Demo] Ridiculously Easy AI-Powered Security Awareness Training and Phishing
Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training—that is exactly what our AI Defense Agents provide.
Join us for a demo showcasing KnowBe4’s innovative approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.
See how easy it is to train and phish your users with KnowBe4’s HRM+ platform:
- SmartRisk Agent™ – Generate actionable data and metrics to help you lower your organization’s human risk score
- Template Generator Agent – Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
- Automated Training Agent – Automatically identify high-risk users and assign personalized training
- Knowledge Refresher Agent and Policy Quizzes Agent – Reinforce your security program and organizational policies
- Enhanced Executive Reports – Track user actions, visualize trends, download widgets and improve searching/sorting to provide deeper insights and streamline collaboration
See how these powerful AI-driven features work together to dramatically reduce your organization’s risk while saving your team valuable time.
Date/Time: Wednesday, August 6 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/kmsat-demo-2?partnerref=CHN
Thousands of Spoofed News Sites Are Pushing Investment Fraud Scams
Scammers are using over 17,000 phony news sites to push investment fraud, according to a new report from CTM360.
These websites, which the researchers call “Baiting News Sites (BNS),” spread via legitimate ad platforms such as Google or Meta. The sites impersonate well-known news providers, including CNN, the BBC, CNBC, News24 and ABC News. If a user clicks on one of these sites, they will be shown a fake news article about a well-known figure promoting a phony investment opportunity.
“Clicking the ad redirects to a fake news article designed to resemble CNN, Bloomberg, or local media outlets,” the researchers explain.
“These articles impersonate high-profile individuals and financial institutions, including central banks, and publish fabricated stories and quotes that suggest these entities endorse a platform called ‘Eclipse Earn,’ a supposed automated crypto investment system.”
Notably, the websites are tailored to target specific regions around the world. The phishing sites reference politicians, celebrities, and banks that are relevant to the users who see the ads. The attacks target users in more than fifty countries across the Americas, Europe, the Middle East, Africa, the Asia-Pacific and Oceania.
The sites are designed to trick users into sending money and handing over sensitive information that can be used in future attacks.
“Victims are lured into making an initial deposit of around $240 to ‘activate’ their trading accounts on fraudulent platforms such as Solara or Vynex,” the researchers write. “After payment, the platform simulates access to live trading dashboards, displaying fake profit growth to reinforce legitimacy and encourage continued engagement.”
After making an initial payment, the phishing site displays phony excuses such as “system errors, pending verification, or processing limits” to trick victims into continuing to send money while being unable to withdraw their supposed earnings.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/thousands-of-spoofed-news-sites-push-investment-scams
Boost Your Browsing Security: Integrate SecurityCoach with Microsoft Edge for Business
Managing the security gap between your technical defenses and user behavior just got easier!
Introducing the KnowBe4 SecurityCoach for Microsoft Edge for Business integration. As one of the only human risk management platforms with a native reporting connector in Microsoft Edge for Business, SecurityCoach now transforms your browser into a real-time coaching platform.
It delivers immediate guidance when users engage in risky browser behavior, such as visiting suspicious websites, reusing passwords or attempting to bypass security warnings.
Why Risky Browser Activity is a Threat to Organizational Security
- Gartner predicts that by 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.
- Attackers have evolved from conventional malware to more sophisticated techniques, such as malware that dynamically reassembles itself within browsers. This allows attackers to bypass traditional security measures while exploiting the fact that most organizations incorrectly treat browsers as trusted applications.
- Risky browser behaviors, including storing sensitive information, using weak passwords, installing untrusted extensions, falling victim to phishing attacks, using unsecured networks, and failing to clear cache and cookies, significantly increase security risks.
Learn More
https://blog.knowbe4.com/boost-your-browsing-security-integrate-securitycoach-with-microsoft-edge-for-business
Phishing Trends: Spotify Returns to the Top Ten Most Impersonated Brands
Check Point has published a report on phishing trends in the second quarter of 2025, finding that Microsoft, Google and Apple were the top three most commonly impersonated brands last quarter. Interestingly, Spotify rose to claim a spot as the fourth most spoofed brand.
“In one of the quarter’s most notable campaigns, cyber criminals impersonated Spotify to lure users into a credential-harvesting trap,” Check Point says. “The phishing site was hosted at: premiumspotify, which redirects users to a malicious URL.
The malicious page replicated the official Spotify login experience, complete with authentic branding and design. Victims were asked to enter their usernames and passwords, which were then funneled to a fake payment page that attempted to steal credit card details as well.
This campaign marks Spotify’s first reappearance in phishing top charts since Q4 2019—and underscores how entertainment services are now being exploited just as aggressively as tech platforms.”
The technology industry is still the most popular target for phishing attacks, followed by social networks and retail. “The technology sector remains the top target for phishing campaigns,” Check Point says. “With platforms like Microsoft 365, Gmail, and iCloud central to users’ digital lives, attackers see these brands as gateways to everything from enterprise credentials to personal data.
“Social networks (LinkedIn, WhatsApp, Facebook) and retail/travel platforms (Amazon, Booking.com) are also regularly spoofed, especially when attackers aim to exploit users’ trust in day-to-day services.”
The report warns of a surge in phishing attacks impersonating Booking.com to trick users with phony confirmation pages. “Another trend that stood out in Q2 was the sophisticated impersonation of Booking.com,” the researchers write.
“Check Point researchers detected over 700 newly registered domains using the format confirmation-id****[.]com — a number 100 times higher than in previous quarters.
“What made these scams particularly dangerous was the inclusion of personalized details (name, email, phone number) to make the booking confirmation pages appear authentic and urgent. All sites were short-lived and have since been taken down.”
Check Point has the story:
https://blog.checkpoint.com/research/phishing-trends-q2-2025-microsoft-maintains-top-spot-spotify-reenters-as-a-prime-target/
Check Out KnowBe4 at Black Hat 2025!
KnowBe4 is thrilled to be returning to Black Hat in just a few short weeks, and this year we’re going BIG! Our brand-new booth #1661 is packed with incredible experiences, exclusive networking opportunities and unforgettable moments you won’t want to miss.
The highlight of the week? KnowBe4’s 15th Birthday Celebration. I plan to be there too!
Join us Wednesday, August 6th from 3-4pm at booth #1661 as we celebrate this major milestone in style. We’re talking drinks, cupcakes, a photo booth, amazing prizes and more!
But the excitement doesn’t stop there:
- Book a 1:1 product demo and enter to win exclusive AirTags
- Create a monogrammed luggage tag to keep your suitcase as safe as your data
- Enjoy exclusive after-party invites and extended networking events
- Connect with industry leaders and cybersecurity innovators
Mark your calendar, bring your colleagues and help us make this 15th birthday one for the books.
Discover More!
https://info.knowbe4.com/blackhat-us
Let’s stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Founder and Exec Chair
KnowBe4, Inc.
PS: [BUDGET AMMO] The Rise Of Adaptive Security Training: Personalized Risk Management:
https://www.forbes.com/councils/forbestechcouncil/2025/07/23/the-rise-of-adaptive-security-training-personalized-risk-management/
PPS: The New APIsec University Training Modules Are Now Available in KnowBe4’s Diamond Library:
https://blog.knowbe4.com/new-apisec-university-training-modules-now-available-in-knowbe4s-diamond-library
Quotes of the Week
“Companies that win are the ones where the CEO uses ChatGPT every day.”
– Dan Shipper (founder of AI-native company Every)
“You’re on your own. And you know what you know. And you are the one who’ll decide where to go.”
– Dr. Seuss – Writer (1904 – 1991)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-30-heads-up-ransomware-is-back-and-smarter-than-ever-in-2025-trends
Security News
Report: Attackers Are Using AI to Hide Phishing Sites
Threat actors are using AI-powered cloaking services to hide their phishing sites from security tools, according to a new report from SlashNext.
Commodity cloaking-as-a-service (CaaS) tools use fingerprinting and filtering techniques to show benign webpages to security scanners, while directing humans to malicious sites. These techniques aren’t new, but AI tools have made them much more effective.
“This dual-personality delivery is extremely effective at deceiving security tools,” SlashNext explains. “URL scanning bots and ad network crawlers report back that the website looks clean because they only saw the white page.
“Meanwhile, actual victims get the scam content and potentially fall prey. It’s essentially selective camouflage, and AI-based cloaking services have elevated it to a science. By using JavaScript fingerprinting to profile devices (screen resolution, browser plugins, timezone, touch capabilities, and more) and continual machine learning analysis of what constitutes a normal vs suspicious visitor, cloakers can filter traffic with incredible granularity.”
Two of the most popular cloaking tools, Hoax Tech and JS Click Cloaker, are ostensibly meant to help online marketers, but cybercriminals are making extensive use of them. Hoax Tech uses a custom AI engine called Matchex to analyze patterns common to advanced bots, learning over time as the bots improve.
JS Click Cloaker uses machine learning to analyze website visitors against a massive database in order to detect bots. “Cybercriminals are effectively treating their web infrastructure with the same sophistication as their malware or phishing emails, investing in AI-driven traffic filtering to protect their scams,” SlashNext says.
“It’s an arms race where cloaking services help attackers control who sees what online, masking malicious activity and tailoring content per visitor in real time. This increases the effectiveness of phishing sites, fraudulent downloads, affiliate fraud schemes, and spam campaigns, which can stay live longer and snare more victims before being detected.”
KnowBe4 empowers your workforce to make smarter security decisions every day.
SlashNext has the story:
https://slashnext.com/blog/how-threat-actors-use-ai-to-hide-malicious-sites/
How Hackers Exploit Microsoft Teams in Social Engineering Attacks
Attackers are using Microsoft Teams calls to trick users into installing the Matanbuchus malware loader, which frequently precedes ransomware deployment, according to researchers at Morphisec.
Matanbuchus is a malware-as-a-service offering that allows threat actors to install additional payloads onto infected Windows systems. “Over the past nine months, Matanbuchus has been used in highly targeted campaigns that have likely led to ransomware compromises,” Morphisec says.
“Recently, Matanbuchus 3.0 was released with significant updates to its arsenal. In one of the most recent cases (July 2025), a Morphisec customer was targeted through external Microsoft Teams calls impersonating an IT helpdesk. During this engagement, Quick Assist was activated, and employees were instructed to execute a script that deployed the Matanbuchus Loader.”
The threat actors use social engineering to walk the employee through the download of a malicious file, which leads to malware installation.
“Victims are carefully targeted and persuaded to execute a script that triggers the download of an archive,” the researchers write. “This archive contains a renamed Notepad++ updater (GUP), a slightly modified configuration XML file, and a malicious side-loaded DLL representing the Matanbuchus loader.
“In previous campaigns from September 2024, an MSI installer was downloaded, which ultimately led to a similar flow of Notepad++ updater sideloading execution.”
Once the malware is installed, it creates a stealthy foothold to maintain persistence on the infected system. “To continuously dial home, Matanbuchus needs to create persistency; this is achieved by scheduling a task,” Morphisec says. “While it sounds simple, Matanbuchus developers implemented advanced techniques to schedule a task through the use of COM and injection of shellcode.”
Morphisec has the story:
https://www.morphisec.com/blog/ransomware-threat-matanbuchus-3-0-maas-levels-up/
[New Whitepaper] Best Security Practices for AI Prompting and Building Agent Systems
Bob Fabien wrote on X: “While some are still paying over a grand for AI programs, the biggest players are giving away high-value resources for free. From prompt engineering to agent frameworks, it’s all here.”
And here is a little present from me to you. I grabbed the new Agent Mode of OpenAI and told it to create an executive summary of the best practices in all the guides and documents below. Then I ran an edit over it for readability and completeness.
I also included a Case Study: Building a Cybersecurity Incident Classifier.
Hoping this saves you a bunch of time. Here it is as a 21-page PDF, great for your next lunch and learn. Enjoy!
Here is the blog post with the link:
https://blog.knowbe4.com/new-whitepaper-best-security-practices-for-ai-prompting-and-building-agent-systems
What KnowBe4 Customers Say
“Hi Nichol, I just wanted to reach out to give feedback on Aariel. She is absolutely awesome. I come from a support background and have a very high standard. She is nothing short of exceptional. I can’t begin to tell you the value add she provides with her continuing support of our deployment of KnowBe4. Take care of her!”
– J.C. Associate Director, Head of IT
The 10 Interesting News Items This Week
Cyberheist ‘Fave’ Links