Security

Ransomware Is Getting Uglier As Cybercriminals Fake Leaks and Skip Encryption Entirely (nerds.xyz) 22

"Ransomware activity jumped again in Q1 2026," writes Slashdot reader BrianFagioli, "with 2,638 victim posts on leak sites, up 22% year over year," according to a report from cybersecurity company ReliaQuest. But the bigger shift is how messy the ecosystem has become. Established groups like Akira and Qilin are still active, while newer players like The Gentlemen surged into the top tier with a 588 percent spike in activity. At the same time, questionable leak sites such as 0APT and ALP-001 are muddying the waters by posting possibly fake breach claims, forcing companies to investigate incidents that may not even be real.

Meanwhile, actors like ShinyHunters are showing that ransomware does not always need encryption anymore. By targeting identity systems and SaaS platforms, attackers can steal data using legitimate access, often through phishing or even phone-based social engineering, and then extort victims without deploying traditional malware. With a record 91 active leak sites and faster attack timelines, the report suggests defenders should focus less on tracking specific groups and more on stopping common tactics like credential theft, remote access abuse, and large-scale data exfiltration.

  • . . . letters of marque and reprisal?

    • by gweihir ( 88907 )

      These are not useful if you do not know whom to target. The biggest problem is crapto, as it still allows money-laundering of pretty large sums. Obviously, these capabilities get used by others as well, and hence crapto is still nowhere near as regulated and monitored as conventional money transfers are. And hence the ransomware campaigns continue and, besides a few really stupid operators, we have no clue who is behind them.

      The other problem is, obviously, people operating important IT systems with grossly in

    • The last thing on earth we want to do is to start making vigilantism into a business.

      Because you can bet your ass that if you put out letters of marque, unless there is profit involved nobody's going to do it. So the next step is going to be for the government to be paying people to go after these guys.

      That sounds good until private equity companies start getting involved seeing profit. So before you know it you are going to have a shitload of what are essentially private military contractors running ar
  • "the report suggests defenders should focus less on tracking specific groups and more on stopping common tactics like credential theft, remote access abuse, and large-scale data exfiltration."

    Both!

    They're not mutually exclusive.

    • by gweihir ( 88907 )

      Indeed. The main problems are abysmally bad IT security and easy money-laundering via crapto. The only reason these groups exist and became large is because doing ransomware is far too easy.

  • by SoftwareArtist ( 1472499 ) on Sunday May 03, 2026 @11:34AM (#66125658)

    Or, as I've been saying for many years, we could outlaw paying ransoms. Do that and the whole ransomware ecosystem would shrivel up. The only reason it exists is that people keep paying ransoms. If we'd done it 15 years ago, the amount of harm that would have been avoided would be vast.

    It also is the only solution that has any chance of success. As long as there's money to be made, attackers will keep finding ways to extort people.

    • by Anonymous Coward

      because countries that have outlawed paying ransoms to kidnappers have broken the kidnapping industry?

      this doesn't work, it just makes more people criminals.

      • by dgatwood ( 11270 )

        "because countries that have outlawed paying ransoms to kidnappers have broken the kidnapping industry?"

        "this doesn't work, it just makes more people criminals."

        But corporations are not people. Corporations exist at the mercy and whims of the state. And corporations have to tell who they paid money and for what.

        If you make it illegal for corporations to pay ransoms to the tune of "If you get caught, your corporate charter is revoked," it won't make more people criminals; it will make it nearly impossible for corporations to pay ransoms without the corporation ceasing to exist, which would make paying the ransom entirely moot.

        But for it to work, the cost of gettin

      • "because countries that have outlawed paying ransoms to kidnappers have broken the kidnapping industry?"

        "this doesn't work, it just makes more people criminals."

        Except it does. The problem is when a ban isn't enacted everywhere there are jurisdictional issues. Italy had a massive localised organised crime issue in the 80s with kidnappings for money being a core part of it. Well, they banned it in 1991, which basically saw kidnapping as an industry collapse in the 90s. The ban worked wonders.

        The problem it didn't solve however was kidnapping across country borders. The law didn't stop gangs from Slovenia or France from kidnapping Italians and those Italian families payi

    • by gweihir ( 88907 )

      I agree. But this amounts to forcing people to start to address the mess that their IT security is. Business people do not want that because it costs money.

      • The biggest security holes are typically the human element involved. Social engineering works and will keep working.

        • by gweihir ( 88907 )

          Depends on the type of attack. For targeted attacks, sure. For "scan the whole Internet" it is bad system administration, bad software development and management that has no clue.

    • by tlhIngan ( 30335 )

      Luckily that's starting to happen with ransomware that has bugs in the encryption. That is, even if you pay the ransom, the file is trashed because the encryption key is wrong, or it's insufficient (one was caught using 4 nonces and each time it generated a new nonce it overwrote the previous one in memory, so the nonces sent to the server were the last one, rendering the file corrupt).

      With ransomware being vibe coded, there's a good chance your data is lost for good, paying up or not paying up.

      Heck, with so

  • by jd ( 1658 )

    It isn't hard to ensure that data cannot go off-site. It would seem to me that 99% of the issue has to do with managers wanting people to use personal devices and wanting to have direct access to information when off-site. In other words, this is not a tech issue, it is an attitude problem. Fix the attitude, and the problem goes away.

    Bear in mind that the Rainbow Book (at this point, an ancient relic of the past) defined ways to mark data so that it could not pass between security bounds within an OS, or pa

  • Shady operators lying to get victims to cough up money isn't new. And I'm not sure it's actually uglier.

    If somebody threatens you with a gun, but doesn't have a gun, is that worse than somebody actually shooting you with a gun, or threatening you with an actual gun?

    • If you have a fake gun that's convincing enough, then it doesn't matter if you threaten with a fake or real gun because the victim doesn't know the difference anyway. The mental toll is the same at that point. Obviously getting shot is the worst possible outcome so it's best to not let that happen, typically by complying with the assailant. I mean, your wallet or your life, easy choice: just give them your damn wallet.

      • Sure, but tell me it's *worse* to have a fake gun. No, I don't think so. Maybe just as bad, but not worse.
