Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Google's Eloquent: Offline AI Dictation Hits iOS, Android Launch Imminent

Google’s quiet release of AI Edge Eloquent marks a notable shift in how it wants people to use AI on phones: not as a cloud-first assistant,...

All the recent news you need to know
Windows 11
ChromeOS Cloud based services Cyber Security Google Microsoft Operating system Windows 11

Google Promotes ChromeOS Flex as Free Upgrade Option for Millions of Unsupported Windows 10 PCs

 





More than 500 million devices currently running Windows 10 are approaching a critical turning point, as many of them are not eligible for an upgrade to Windows 11 due to hardware limitations. This has raised growing concerns about long-term security risks once support deadlines pass. In response, Google is actively promoting an alternative, positioning its ChromeOS Flex platform as a free way to modernize aging systems.

Google states that older laptops and desktops can be converted into faster, more secure, and easier-to-manage devices by installing ChromeOS Flex. The system is cloud-based and designed to extend the usability of existing hardware without requiring users to purchase new machines. Although ChromeOS Flex has been available for some time, Google has now made adoption simpler by introducing a physical USB installation kit. Developed in partnership with Back Market, the kit allows users to install the operating system more easily. It is priced at approximately $3 or €3, is reusable, and is supported by recycling-focused efforts such as Closing the Loop to reduce electronic waste.

The timing of this push is closely linked to Microsoft’s decision to end mainstream support for Windows 10 in October 2025. That shift has forced users into a difficult position: invest in new hardware or continue using an operating system that will no longer receive full security updates. While Microsoft does offer an Extended Security Updates (ESU) program, it is only a temporary solution. For individual users, coverage extends for roughly one additional year, while enterprise customers may receive longer support under specific licensing agreements.

The transition to Windows 11 has also been slower than expected. Adoption challenges, largely driven by strict hardware requirements, have resulted in an unusually large number of users remaining on Windows 10 even after its official lifecycle milestone. This contrasts with Microsoft’s earlier expectations of a smoother migration similar to the shift from Windows 7 to Windows 10, which had seen broader and faster adoption.

Google is also emphasizing environmental considerations as part of its messaging. The company highlights that manufacturing a new laptop contributes significantly to its overall carbon footprint. By extending the lifespan of existing devices, ChromeOS Flex helps reduce landfill waste and avoids emissions associated with producing new hardware. Google further claims that ChromeOS-based systems consume around 19% less energy on average compared to similar platforms.

Despite this, switching away from Windows remains a debated decision. Many users rely on the Windows ecosystem for software compatibility, workflows, and familiarity. However, for devices that cannot support Windows 11, alternatives such as ChromeOS Flex present a practical workaround. Even in cases where users purchase new computers, older machines can still be repurposed using such operating systems, for example within households.

At the same time, Microsoft is continuing to strengthen its Windows 11 ecosystem. Devices already running Windows 11 are being automatically updated to newer versions to maintain consistent security coverage. The company is using artificial intelligence to determine when systems are ready for upgrades and applying updates accordingly. While a similar approach could theoretically be applied to Windows 10 devices that meet upgrade requirements, this has not yet been implemented. It remains uncertain whether this could change as future deadlines approach.

Recent developments have also drawn attention to user hesitation around Windows 11. Reports indicated that a recent update disrupted a key Start menu function, even as official communication suggested there were no outstanding issues. Subsequent updates and documentation now indicate that previously known bugs have been resolved, with Microsoft steadily addressing issues since the platform’s release in late 2024.

Additional reporting suggests that all known issues in the current Windows 11 version have been marked as resolved in official tracking systems. This reflects ongoing improvements, though it also underlines the complexity of maintaining stability across large-scale operating system deployments.

For enterprise users, Microsoft is extending support in more flexible ways. Certain legacy versions of Windows 10, including enterprise and IoT editions released in 2016, are eligible for additional security updates. These updates are delivered through ESU programs available via volume licensing or cloud solution providers. However, Microsoft continues to describe this as a temporary measure rather than a permanent extension.

For individual users, the situation is more restrictive. Extended Security Updates are limited in duration, and once they expire, devices will no longer receive security patches, bug fixes, or technical support. However, the continued availability of such programs suggests that support timelines may evolve depending on broader user adoption patterns.

The wider ecosystem is also seeing alternative recommendations. Some industry discussions encourage migration to Linux-based systems, while Google’s ChromeOS Flex represents a more consumer-friendly option. With hundreds of millions of devices affected, the coming months will play a crucial role in determining whether users remain within the Windows ecosystem or begin shifting toward alternative platforms.


Read more »
HubSpot
AI technology AI tools Bing AI search security Cyber Security Google search algorithm Google Search History HubSpot

AI Search Shift Causes HubSpot Traffic Drop and Forces Businesses to Rethink Digital Strategy

 

Surprisingly fast growth in AI-driven search is reshaping how people find information online. As habits shift, companies are seeing major traffic changes—HubSpot, for instance, lost nearly 140 million visits in just one year. This decline is closely tied to reduced reliance on traditional search engines, as users increasingly turn to AI tools for answers. Instead of clicking through multiple websites, people now get instant summaries, often without leaving the search page. 

This shift isn’t driven by a single factor. Search engine algorithm updates now prioritize credible, in-depth content while filtering out low-quality AI-generated material. At the same time, AI-generated overviews appear at the top of results, significantly reducing click-through rates—by as much as 60% to 70% in some cases. As a result, website traffic drops sharply when users get all the information they need upfront. 

Search behavior itself has evolved. Instead of typing short keywords, users now ask detailed, conversational questions. This forces companies to rethink how they structure their content. Traditional SEO alone is no longer enough—businesses must now optimize for AI systems that prioritize clarity, structure, and relevance over keyword density. This has led to the rise of Answer Engine Optimization (AEO), also known as generative engine optimization. 

Rather than focusing solely on search rankings, AEO ensures that AI tools can easily find, understand, and extract content. These systems, powered by large language models, favor well-organized, context-rich information that directly answers user queries. To adapt, companies like HubSpot are restructuring content into smaller, digestible sections that AI can easily pull from. While overall traffic may decline, the quality of visitors improves—those who arrive are more likely to engage and convert. 

Similarly, brands like Spice Kitchen and MKM Building Supplies are focusing on authoritative, informative content that positions them as reliable sources for AI-generated answers. Trust has become a key factor. Strong backlinks, transparent authorship, and clear, structured information all contribute to credibility. Unlike traditional search engines that relied heavily on keywords, AI systems prioritize meaning, coherence, and usefulness. Despite reduced traffic, AI-driven discovery offers advantages. 

Visitors coming through AI channels tend to be more informed and closer to making decisions, leading to higher conversion rates. These users arrive with intent, not just curiosity. Overall, AI-powered search marks a fundamental shift in digital marketing. Companies that fail to adapt risk becoming invisible, while those embracing AEO and structured content strategies can stay relevant. As AI continues to evolve, aligning content with changing user behavior will be critical for long-term success.
Read more »
Windows Zero Day
BlueHammer Vulnerability Cyber Security Endpoint security Exploit Code Release Microsoft Security Flaw NTLM Hash Theft Privilege Escalation Vulnerability management Windows Zero Day

Over 1 Billion Users Potentially Impacted by Microsoft Zero Day Exposure


 

Informally known as BlueHammer, a newly discovered Windows zero-day vulnerability has drawn attention to the cybersecurity community because of its ability to quietly hand over control to attackers. As privilege escalation flaws are not uncommon, this particular vulnerability is noteworthy because of its ability to bridge the gap between restricted access and total system control so efficiently. 

A malicious adversary who has already gained access to a device may leverage this flaw to elevate privileges to NT AUTHORITY/SYSTEM, effectively bypassing the core safeguards designed to keep damage at bay. Additionally, an exploit code that was fully functional and disclosed by a security researcher on April 3, which had not been made available for official remediation or defensive guidance, further aggravated the situation. 

The lack of a CVE, no patch, and the minimal acknowledgement from Microsoft so far indicate that BlueHammer has created a volatile window of exposure which leaves defenders without clear direction. On the other hand, threat actors face considerably lowered barriers to exploitation. 

In addition to the previous analysis, BlueHammer was found to operate as a sophisticated local privilege escalation chain integrated within the Windows Defender signature update process, rather than exploiting traditional memory safety flaws by abusing trusted system components. To trigger a race condition between the time of check and the time of use, a coordinated interaction between the Volume Shadow Copy Service, Cloud Files API, and opportunistic locking mechanisms is orchestrated. 

Using file state transition manipulations during signature updates, the exploit can access protected resources without requiring kernel-level vulnerabilities or elevated privileges. After execution, the exploit extracts the Security Account Manager database using a Volume Shadow Copy snapshot, revealing the password hashes of local accounts corresponding to the NTLM protocol. 

By utilizing these credentials, an administrator can assume administrative control, which leads to the launch of a shell in SYSTEM context. It is noteworthy that the exploit incorporates a cleaning routine that reverts back to the original password hash after execution, which minimizes the likelihood of immediate detection and complicates forensic analysis. Independent validations have confirmed the threat's credibility. The exploit chain, despite minor reliability issues in the initial proof-of-concept, is functionally sound once corrected, according to Will Dormann, Tharros' principal vulnerability analyst. 

Other researchers have demonstrated successful end-to-end compromises in subsequent tests, demonstrating that operational barriers are lowering quickly. This risk profile is heightened by the fact that there is no available patch, which leaves organizations without a direct method of remediation, and by the fact that exploit code has been published to the public, which historically accelerates the adoption of ransomware and advanced persistent threat attacks. 

In addition to standard user-level access, slightly outdated Defender signatures are required for the attack to occur, lowering the entry threshold. Further, the exploit is constructed from a series of independent primitives that can be used again after targeted fixes have been introduced, indicating a longer-term impact beyond a single vulnerability cycle. Additionally, the circumstances surrounding the disclosure have attracted public attention. 

The exploit was released publicly by a researcher operating under the alias Chaotic Eclipse, who expressed dissatisfaction with Microsoft's handling of the problem. It is evident from the accompanying statements that both frustration and intent were evident, as the researcher declined to provide detailed technical explanations but implied that experienced practitioners would be able to grasp the underlying mechanics quickly. 

Although the original codebase contained bugs affecting stability, these limitations have been addressed within the research community already. Due to these developments, what began as a partially functional demonstration has quickly evolved into a reproducible attack path, reinforcing concerns that BlueHammer may be able to go from a proof-of-concept to an active exploitation scenario for real environments. 

According to emerging details surrounding the disclosure, Microsoft had already been informed of the BlueHammer vulnerability, however, unresolved concerns in the handling process appeared to have led the researcher to release the exploit publicly without having it assigned a formal CVE. It is clear that although the published proof-of-concept initially encountered minor implementation problems, it has since proven viable for practical use. 

During independent validation by Will Dormann, the exploit was confirmed to be reliable across a variety of environments, including Windows Server deployments, where it achieved administrative control even when full SYSTEM privileges were not consistently acquired.

Using technical refinements from Cyderes' Howler Cell team, the exploit chain was executed completely after addressing the PoC inconsistencies, emphasizing the rapid decline of operational barriers associated with the exploit. It is designed to manipulate Microsoft Defender to generate a Volume Shadow Copy, and then strategically interrupt that process at a specific execution point so that sensitive registry data can be accessed before cleanup routines are activated.

Through this controlled interruption, NTLM password hashes associated with local accounts may be extracted and decrypted, followed by unauthorized alteration of administrative credentials. By using token duplication techniques, the attacker inherits administrative security tokens, elevates them to SYSTEM integrity levels, and utilizes the Windows service creation mechanism to launch a secondary payload as a result of this compromise. 

As a result of this, an active user session is initiated by launching a command shell operating under the NT AUTHORITY/SYSTEM authority. As a means of obscuring evidence, the exploit then restores the original password hash, ensuring that user credentials remain unchanged while erasing immediate indicators of compromise. 

According to security practitioners, BlueHammer represents a broader class of exploitation in which unintended combinations of legitimate system features are combined with discrete software defects to create an exploit. 

Cyderes leadership has noted that the technique weaponizes Windows functionality in such a manner that it evades conventional detection logic, and current Defender signatures appear to identify only the binary originally published. It is possible to bypass these detections by simply modifying the codebase, retaining the underlying methodology in its original form. 

Due to the absence of vendor-provided patches, defensive efforts have shifted toward behavioral monitoring, such as abnormal interactions with Volume Shadow Copy mechanisms, irregular Cloud File API activity, and unexpected creations of Windows services originating from low-privileged contexts. 

A number of additional indicators indicate potential exploitation attempts, including transient changes to local administrator passwords followed by rapid restoration. There are no confirmed reports of active in-the-wild abuse at this point, however the public availability of the exploit dramatically reduces the timeline for potential weaponization.

In the past, ransomware groups and advanced threat actors have demonstrated the capability to operationalize these disclosures within days, often integrating them into more comprehensive intrusion frameworks. 

While the requirement for local access to the network at first is a constraint, it does not pose a significant barrier to determined adversaries, who routinely gain access through credential theft, phishing campaigns, or lateral movement within compromised networks. Thus, BlueHammer should be considered a proactive exposure window, not an isolated vulnerability, highlighting the risks inherent in complex system interactions as well as the challenges associated with defending against exploitation paths that do not rely on a single, easily remediable flaw to exploit.

In the absence of immediate remediation, a containment strategy and a reduction of exposure are necessary response strategies for BlueHammer. It is recommended that security teams prioritize environments where untrusted or potentially compromised code is already running, since vulnerabilities of this nature are most effective when they have established a solid foothold. It is possible to significantly reduce the available attack surface in the short term by enforcing least-privilege enforcement, eliminating unnecessary local administrative rights, and closely inspecting anomalous privilege escalation patterns. 

Detecting subtle indicators of post-compromise activity is also critical, including irregular access to sensitive account data, unexpected privilege transitions, and processes that deviate from baselines, which indicate that a compromise has occurred. Managing risk from a broader perspective requires a clear understanding of emerging vulnerabilities and exposed assets. 

As a result of context-driven approaches that correlate newly disclosed vulnerabilities with organizational infrastructure, remediation efforts can be prioritized where they have the greatest impact rather than applying uniform responses across all systems. There is a particular need for this in scenarios where there is no immediate vendor guidance available, requiring defenders to rely on situational awareness and adaptive monitoring strategies. 

Finally, BlueHammer illustrates how a vulnerability can quickly shift from controlled disclosure to operational risk if exploit code is available in the public domain before it is properly fixed. Response timelines are compressed by these conditions, and defenders are disadvantaged, even in the absence of widespread exploitation that has been confirmed. 

Furthermore, this underscores the persistent reality of Windows security: attackers are often not required to use sophisticated remote exploits to achieve meaningful compromise in Windows. If a limited foothold is combined with a reliable escalation path, it is sufficient to take full control of the system. 

However, when that pathway becomes public without mitigations, the risk profile increases dramatically, and affected organisms must maintain a disciplined defensive posture and maintain sustained attention. It emphasizes the importance of resilience when faced with incomplete information and delayed remediation as a result of BlueHammer. 

Organizations that prioritize proactive threat hunting, adhere to strict access controls, and continuously verify system behavior against expected norms are better prepared to mitigate emerging threats in such scenarios. For limiting the impact of evolving exploitation techniques, a multilayered defensive strategy incorporating visibility, control, and rapid response is necessary rather than only relying on vendor-driven fixes.
Read more »
Ransomware
Backups Cyber Security Data Extortion Data Theft encryption system Ransomware

Why Backups Alone Can No Longer Protect Against Modern Ransomware




For a long time, ransomware incidents have followed a predictable pattern. An organization’s systems are locked, critical files become inaccessible, operations slow down or stop entirely, and leadership must decide whether to recover data from backups or pay a ransom.

That pattern still exists today, but recent findings show that the threat has evolved into multiple forms.

A recent industry report based on hundreds of real-world incident response cases reveals that attackers are increasingly moving toward a different strategy. Instead of encrypting data, many are now stealing it and using it for extortion. These “data-only” attacks have increased sharply, rising from just 2 percent of cases to 22 percent within a year, representing an elevenfold jump.

This trend is also reflected in broader industry data. The Verizon 2025 Data Breach Investigations Report treats both encrypted and non-encrypted ransomware incidents as part of a single extortion category. According to its findings, ransomware was involved in 44 percent of the breaches it studied.


Why resilience needs to be redefined

These developments highlight a critical issue. Many organizations still treat ransomware mainly as a problem of restoring operations. Their focus is often on how quickly systems can be brought back online, whether backups are secure, and how much downtime can be managed.

While these factors remain relevant, they are no longer enough to address the full scope of risk.

When attackers shift their focus from disabling systems to stealing sensitive information, the situation changes completely. The priority is no longer just restoring access to systems. Instead, organizations must immediately understand what data has been taken, who owns it, and how sensitive it is.

This includes identifying whether the exposed information involves customer records, regulated datasets, intellectual property, or internal communications. It also requires knowing where that data was stored, whether in primary systems, cloud services, third-party platforms, or legacy storage that may have been retained unnecessarily.

If leadership teams cannot quickly answer these questions, restoring systems will not prevent further damage, including regulatory consequences, reputational harm, or legal exposure.


Data theft is becoming the main objective

Additional reporting reinforces this shift. Data from Coveware shows that in the second quarter of 2025, data exfiltration occurred in 74 percent of ransomware incidents. The company noted that in many cases, stealing data has become the central objective rather than just a step before encryption.

Attackers are no longer focused only on disruption. Instead, they are aiming to maximize pressure by using stolen data as leverage.


Encryption still exists, but its role is changing

This does not mean that encryption-based attacks have disappeared. Many ransomware operations still use a “double extortion” approach, where they both lock systems and steal data.

However, the key change is that data theft alone can now be enough to force payment. This reduces the effectiveness of relying solely on backups as a defense strategy.

Organizations such as the Cybersecurity and Infrastructure Security Agency continue to stress the importance of maintaining secure and offline backups that are regularly tested. At the same time, they warn that cloud-based backups can fail if compromised data is synchronized back into the system and overwrites clean versions.

This underlines a broader reality: restoring systems is only one part of true resilience.


Moving beyond a recovery-focused mindset

The cybersecurity industry is gradually adjusting to these changes. There is a growing emphasis on protecting and understanding data, rather than focusing only on system recovery.

This reflects a more dynamic turn of events. Resilience is no longer just about recovering from an attack. It is about reducing uncertainty about data exposure before an incident occurs.

However, many organizations still measure their preparedness using disaster recovery metrics such as recovery time objectives and backup testing. Even service providers often frame ransomware readiness in these terms.

In a data-driven threat environment, a more meaningful measure of security maturity is whether an organization truly understands its data. This includes knowing where sensitive information is stored, how it moves across systems, who has access to it, and whether it needs to be retained.

Guidance from the National Institute of Standards and Technology supports this approach. Its Cybersecurity Framework 2.0 recommends maintaining detailed inventories of data, including its type, ownership, origin, and location. It also emphasizes lifecycle management, such as securely deleting unnecessary data and reducing redundant systems that increase exposure.

NIST’s incident response guidance further highlights that organizations with clear data inventories are better equipped to determine what information may have been affected during a breach.


The hidden risk of data sprawl

A major challenge for many organizations is uncontrolled data growth. Sensitive information is often copied across multiple platforms, including cloud storage, collaboration tools, shared drives, employee devices, and third-party services.

At the same time, outdated data is rarely deleted, often because responsibility for doing so is unclear. Access permissions also tend to expand over time without proper review.

As a result, organizations may appear prepared due to strong backup systems, while actually carrying significant hidden risk due to poorly managed data.


The bigger strategic lesson

The key takeaway is not that backups are unimportant. They remain a critical part of cybersecurity. However, they solve a different problem.

Backups help restore systems after disruption. They do not protect against the consequences of stolen data, such as loss of confidentiality, reputational damage, or reduced negotiating power during an extortion attempt.

To address modern threats, resilience must become more focused on data. This includes better classification of sensitive information, stronger access controls, improved visibility across cloud and third-party systems, and stricter data retention practices to reduce unnecessary exposure.

Organizations also need to communicate more clearly with leadership and stakeholders about the difference between operational recovery and true resilience.

Ultimately, the organizations best prepared for modern ransomware are not just those that can recover quickly, but those that already understand their data well enough to respond immediately.

In today’s environment, the gap between having backups and truly understanding data is where attackers gain their advantage.

Read more »
Windows security update
Microsoft Secure Boot Secure Boot certificates expiry Technology Windows 10 ESU Windows security update

Microsoft Introduces Secure Boot Status Dashboard Ahead of Certificate Expiry

 

Microsoft is preparing for the upcoming expiration of its original 2011 Secure Boot certificates, set for June 2026, by introducing a new Secure Boot status dashboard within Windows. This feature is designed to help users verify whether their systems remain protected during startup.

Beginning this month, the dashboard will be integrated into the Windows Security app. Users will find a Secure Boot status indicator under the Device security section, specifically within Secure Boot settings.

"The Windows Security app now shows whether your device has received these updates, what your current status is, and whether any action is needed," Microsoft says on a new support page.

The indicator will display three possible statuses. A green badge confirms that the system has received the necessary updates. A yellow badge signals a recommendation from Microsoft, often suggesting a firmware update to install the latest certificates. A red badge indicates that the device is unable to receive the updated Secure Boot certificates.

“This state appears only after a security vulnerability that affects the boot process is discovered and cannot be serviced on devices that have not yet received the updated certificates. This could occur as early as June 2026, when some of the current Secure Boot certificates begin to expire,” the company says.

In addition to the visual indicators, Microsoft will provide detailed guidance within the dashboard, advising users on steps to resolve issues. These may include updating the Windows operating system or contacting the device manufacturer.

Secure Boot plays a critical role in ensuring that only trusted software runs during the startup process, protecting systems from persistent malware that can survive OS reinstalls. However, many devices are still running Windows 10, which reached end of support in October and no longer receives standard security updates.

Earlier this year, Microsoft cautioned that such unsupported Windows 10 systems would not receive the new Secure Boot certificates. The only exception applies to devices enrolled in the Windows 10 Extended Security Updates (ESU) program, which offers limited continued protection.

Microsoft confirmed that the new Secure Boot status indicator will be available only on Windows 10 ESU systems and Windows 11 devices. Systems running unsupported versions of Windows 10 should assume their certificates will begin expiring from June onward.

For eligible systems, the updated certificates are expected to be delivered automatically through routine monthly updates. However, some devices may still require a separate firmware update from the PC or motherboard manufacturer before the certificates can be applied—hence the yellow and red warnings.

Even if a system does not receive the updated certificates, it will continue to function. However, Microsoft cautions: “The device will enter a degraded security state that limits its ability to receive future boot-level protections,” leaving it vulnerable to potential “boot-level vulnerabilities” that attackers could exploit.

Users facing a red status will also have the option to proceed without taking action by selecting “I accept the risks, don’t remind me.”

Microsoft plans to expand alerts related to Secure Boot beyond the Windows Security app. “Beginning in May 2026, additional improvements will become available, including notifications outside the app (such as system alerts) and additional in-app guidance and controls to help you respond to Secure Boot warnings.”
Read more »
Germany
Criminal Gang Cyber Attacks Cyber Security Ransomware Attacks GandCrab Germany

German Authorities Identify Leaders Behind GandCrab and REvil Ransomware Operations

 

Two individuals believed to be central figures in major ransomware campaigns have been named by German authorities. The BKA points to Russians Daniil Maksimovich Shchukin and Anatoly Sergeevitsh Kravchuk as driving forces behind GandCrab and REvil during a period spanning 2019 into 2021. While operating under digital cover, their alleged involvement links them directly to widespread cyberattacks across multiple regions. 

Investigations suggest coordination patterns typical of structured criminal networks rather than isolated actors. Despite shifting online tactics, traces led back through financial flows and communication trails. Charges stem from activities that disrupted businesses globally before takedowns began reducing impact. Evidence compiled over months contributed to international cooperation efforts targeting infrastructure used. Though both remain at large, legal proceedings continue under European warrant systems. 

Allegedly, the pair coordinated global ransomware campaigns, hitting businesses across continents - among them, 130 incidents focused on German firms. Though payouts from those in Germany reached approximately $2.2 million, officials suggest total economic harm went far beyond, surpassing $40 million overall. Early in 2018 came GandCrab, rapidly rising as a dominant ransomware-for-hire platform. 

Affiliates ran attacks - profits split with central creators. Midway through 2019, the crew declared an end, boasting huge earnings. Not long afterward, REvil appeared, thought to stem from the same minds once behind GandCrab. Among cybercrime networks, REvil pushed further than most - adding tricks like leaking hacked files online or selling them off in secret bidding rounds. 

Not long after, headlines followed: Acer found itself under siege, then came the ripple chaos from Kaseya's breach, spreading across around 1,500 businesses tied into its systems. After the Kaseya incident, global police forces stepped up pressure on REvil. Through coordinated moves, they weakened key systems tied to the gang while tracking activity behind the scenes - this surveillance helped secure detentions in Russia by early 2022. Still, no clear trace has surfaced for Shchukin or Kravchuk since then. 

Now thought to be living in Russia, the suspects have prompted German officials to ask citizens for help finding their whereabouts. Appearing on Europe’s most wanted list, they come with photos plus notable physical traits meant to aid recognition. Tracking down these suspects represents progress toward holding key figures accountable in large-scale ransomware operations. 

Still, obstacles remain in bringing hackers to justice when they operate beyond borders - especially in areas where legal handover agreements are weak or absent.
Read more »
Subscribe to: Comments (Atom)

Featured