We often talk about ransomware on Red Hot Cyber and criminal cyber gangs. But who invented this dangerous cyber blackmail “weapon”? Today, ransomware attacks have become familiar to most people, especially given the escalation in recent years that has targeted Italian hospitals and critical infrastructure, such as the Colonial Pipeline of the United States of America. The first ransomware in history While today ransomware attacks occur through malware injected into systems from a phishing email or a malicious exposure of a company’s administrative tools (as we saw in the article on Ransomware as a Service), the first ransomware in history was distributed

Do you remember the infamous REvil cyber gang? The Russian hacker group responsible for some of the most devastating ransomware attacks in the early days of this global threat, known for posting their criminal exploits on the popular underground forum “Happy Blog”. The Dzerzhinsky Court in St. Petersburg has convicted four more participants in the REvil (aka Sodinokibi) hacking group case, according to media reports. All those convicted were given actual prison sentences, but the defendants were released, having already served their full sentences in pre-trial detention, during the investigation and trial. REvil’s activities ceased in January 2022, after the FSB announced the

The ransomware threat landscape is constantly evolving, with increasingly structured groups adopting sophisticated strategies to maximize profits. VanHelsing is a new player positioning itself in the Ransomware-as-a-Service (RaaS) market, a model that enables even cybercriminals with limited expertise to conduct advanced attacks using an automated platform. Following the February 23, 2025 announcement on an underground forum regarding the VanHelsing RaaS affiliate program, the ransomware group has officially published its first possible victim on its Data Leak Site (DLS). Less than a month after its launch, the appearance of the first compromised organization confirms that VanHelsing is now actively operating. Although the DLS

Babuk, one of the most notorious ransomware groups in cybercrime, has launched the Babuk Locker 2.0 Affiliate Program 2025, an affiliate program for skilled hackers looking to profit from ransomware attacks. This program, published on their data leak site, introduces new advanced features and a more structured model for those wishing to join their criminal network. How the Program Works Babuk Locker 2.0 accepts affiliates from all over the world, regardless of language or origin, provided they have experience in penetration testing and compromising IT systems. Their goal is clear: maximize profits through targeted attacks and manage ransom payments more efficiently. The

During our reconnaissance into the underground world and criminal groups conducted by Red Hot Cyber’s threat intelligence laboratory DarkLab, we stumbled upon a Data Leak Site of a cyber gang never monitored before: NightSpire. NightSpire is a new ransomware group that has recently emerged on the cybercrime scene. Although no previous information is available about this actor, an analysis of their data leak site (DLS) and their communication provides some key insights into their strategy and operational methods. The group portrays itself as an unstoppable threat to businesses and promises to exploit every vulnerability to their advantage. Below, we analyze the details