<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Ransomware on CuraSec</title><link>https://curasec.metacog.co.kr/tags/ransomware/</link><description>Recent content in Ransomware on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sat, 11 Jul 2026 11:49:48 +0000</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/ransomware/index.xml" rel="self" type="application/rss+xml"/><item><title>Former ransomware negotiator sentenced 70 months for BlackCat attacks</title><link>https://curasec.metacog.co.kr/insights/2026-07-11-former-ransomware-negotiator-gets-4-years-for-blackcat-attac/</link><pubDate>Sat, 11 Jul 2026 11:49:48 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-11-former-ransomware-negotiator-gets-4-years-for-blackcat-attac/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Skip&lt;/strong>&lt;/li>
&lt;li>&lt;strong>SOC/IR — Learn:&lt;/strong> Insider-threat angle is notable: attacker was a trusted IR professional with access to victim environments, illustrating how responders can become adversaries — relevant context for vetting IR vendors and monitoring privileged access during incidents.&lt;/li>
&lt;li>&lt;strong>Leader — Learn:&lt;/strong> The case highlights vendor-risk and insider-threat exposure when engaging external IR firms — useful framing for board discussions on third-party access controls and contractual accountability during incident response engagements.&lt;/li>
&lt;/ul></description></item><item><title>Ryuk ransomware member pleads guilty, faces 15-year sentence</title><link>https://curasec.metacog.co.kr/insights/2026-07-11-ryuk-ransomware-member-pleads-guilty-in-the-us-faces-15-year/</link><pubDate>Sat, 11 Jul 2026 11:49:48 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-11-ryuk-ransomware-member-pleads-guilty-in-the-us-faces-15-year/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Skip&lt;/strong>&lt;/li>
&lt;li>&lt;strong>SOC/IR — Learn:&lt;/strong> A Ryuk operator&amp;rsquo;s prosecution provides retrospective context on the group&amp;rsquo;s operations, but no new IOCs or TTPs are disclosed, so no detection or hunt work is actionable here.&lt;/li>
&lt;li>&lt;strong>Leader — Learn:&lt;/strong> A guilty plea in a major ransomware case is useful context for board discussions on ransomware risk and law enforcement deterrence, but requires no immediate organizational action.&lt;/li>
&lt;/ul></description></item><item><title>Unit 42 Profiles The Gentlemen Ransomware Affiliate Operation</title><link>https://curasec.metacog.co.kr/insights/2026-07-11-no-manners-here-the-ruthless-rise-of-the-gentlemen-ransomwar/</link><pubDate>Sat, 11 Jul 2026 11:49:48 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-11-no-manners-here-the-ruthless-rise-of-the-gentlemen-ransomwar/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Learn:&lt;/strong> Emerging affiliate-model ransomware group worth tracking for context, but the summary provides no specific vulnerabilities, affected software, or configuration actions to take today.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Learn:&lt;/strong> New ransomware actor profile worth adding to analyst awareness, but no IOCs, TTPs, or ATT&amp;amp;CK mappings are surfaced in this summary — check the full Unit 42 report for any huntable indicators before queuing detection work.&lt;/li>
&lt;li>&lt;strong>Leader — Learn:&lt;/strong> Affiliate-model ransomware groups expand attack surface broadly; file as emerging threat context for future risk register review, but the thin summary offers no sector-specific targeting data warranting immediate leadership action.&lt;/li>
&lt;/ul></description></item></channel></rss>