An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases
There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024.
Uncovering Qilin attack methods exposed through multiple cases
Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence.
Unmasking the new Chaos RaaS group attacks
Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks.
Talos IR ransomware engagements and the significance of timeliness in incident response
The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements.
Exploring vulnerable Windows drivers
This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers.
Akira ransomware continues to evolve
As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.
BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis.
Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs
Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers.
TimbreStealer campaign targets Mexican users with financial lures
Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.