21 March 2025

LockBit ransomware developer extradited to the US | Cyber Intelligence Briefing: 21 March 2025

Top news stories this week

  1. Deactivated. LockBit ransomware developer extradited to the United States.
  2. Ransomware shake-up. A new decryptor may allow file recovery from Akira ransomware without paying a ransom, while a new data-extortion group, NightSpire, emerges.
  3. Unchained. A supply chain attack targets GitHub repositories while an actively exploited vulnerability affects Apache Tomcat.
  4. Intercepted. Danish cyber agency warns of nation-backed espionage campaigns targeting the European telecom sector.
  5. Critical role. New law passed in Hong Kong to protect infrastructure cyber security.
  6. Quantum leap? UK’s National Cyber Security Centre (NCSC) develops roadmap to protect data from quantum cyber threats.


1. LockBit ransomware developer extradited to the United States

Rostislav Panev, a dual Russian-Israeli national and key LockBit ransomware developer, was extradited to the United States after his arrest in Israel in August 2024. The US Department of Justice has accused him of creating LockBit's ransomware tools and taking part in over 2,500 attacks worldwide. Panev allegedly earned at least USD 230,000 in cryptocurrency through his involvement with LockBit.

So what?

Following LockBit's takedown by law enforcement, the US remains committed to prosecuting former gang members, several of whom have already been indicted, with rewards of up to USD 10 million offered for information leading to the arrest of the group's leading figures.

[Researcher: Denisa Greconici]



2. Ransomware in flux: NightSpire arrives and Akira decryptor released 

A security researcher has published a GPU-powered decryptor for Akira ransomware that brute-forces the timestamp-derived seeds from which the malware generates its encryption keys. Because those seeds are drawn from a narrow range of timestamps, the keyspace is small enough to search exhaustively, and files can be recovered without paying a ransom. The research could give victims a recovery route that does not involve buying a decryptor from the group. To date, S-RM has not been able to independently validate the reliability and safety of this tool.
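The weakness the decryptor relies on, as an added illustration that is not Akira's actual key-generation routine and not the researcher's tool: the toy "ransomware" below derives a per-file key from a microsecond timestamp, and the toy "decryptor" recovers that key by trying every timestamp in a window around the file's known modification time, using the file-format magic bytes as known plaintext. The cipher, seed format, sample file and timestamps are all constructed for the illustration.

```python
"""Why a timestamp-seeded key can be brute-forced.

Added illustration, not Akira's actual key-generation routine and not the
researcher's decryptor. The cipher, seed format and sample file are constructed.
"""
import hashlib


def derive_key(seed_us: int) -> bytes:
    # The only secret input is a microsecond timestamp: at most ~1e6 candidates
    # per second of uncertainty about when the file was encrypted.
    return hashlib.sha256(seed_us.to_bytes(8, "little")).digest()


def keystream(key: bytes, length: int) -> bytes:
    # SHA-256 in counter mode stands in for the real cipher (illustration only).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:length])


def xor_with_key(data: bytes, key: bytes) -> bytes:
    # XOR is its own inverse, so this both encrypts and decrypts.
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


def encrypt_file(plaintext: bytes, seed_us: int) -> bytes:
    return xor_with_key(plaintext, derive_key(seed_us))


def recover_seed(ciphertext: bytes, known_prefix: bytes,
                 approx_us: int, window_us: int):
    """Search timestamps approx_us +/- window_us for one whose key turns the
    first len(known_prefix) ciphertext bytes into the expected plaintext
    header (e.g. a file-format magic). Returns the seed, or None if the
    window does not contain it."""
    n = len(known_prefix)
    for candidate in range(approx_us - window_us, approx_us + window_us + 1):
        if xor_with_key(ciphertext[:n], derive_key(candidate)) == known_prefix:
            return candidate
    return None


# Constructed sample: a PDF-like file and a seed on 21 March 2025 (UTC).
SAMPLE_PLAINTEXT = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
TRUE_SEED_US = 1_742_515_200_000_000 + 123_456


def demo():
    ciphertext = encrypt_file(SAMPLE_PLAINTEXT, TRUE_SEED_US)
    # The defender knows the modification time only to within about 0.1 s,
    # and that every PDF starts with "%PDF-1.7" (or similar).
    seed = recover_seed(ciphertext, b"%PDF-1.7",
                        approx_us=TRUE_SEED_US + 40_000, window_us=100_000)
    recovered = xor_with_key(ciphertext, derive_key(seed)) if seed is not None else None
    return seed, recovered


if __name__ == "__main__":
    seed, recovered = demo()
    print("seed found:", seed == TRUE_SEED_US,
          "| file recovered:", recovered == SAMPLE_PLAINTEXT)
```

The search above is a few hundred thousand hash computations; a GPU makes the same approach practical even when the timestamp resolution is nanoseconds and the window is many seconds wide. A key derived from genuinely random bytes has no such window to search.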

Separately, a new data-extortion group called NightSpire emerged in early March. It focuses on data theft rather than encryption, using its leak site to extort victims by publishing stolen information or selling it to third parties. Although the group applies aggressive pressure tactics, its tradecraft so far appears unsophisticated.

So what?

These developments show the ransomware landscape moving in both directions at once. As the number of ransomware and extortion actors grows, businesses need to strengthen data protection, adapt incident response plans to pure data-theft extortion, and remain vigilant to emerging groups like NightSpire, which, although less sophisticated, is refining its extortion techniques. Any unofficial decryptor should be tested on copies of encrypted files, never on the only remaining copy, before it is used at scale.

[Researcher: Lori Murphy]


3. Supply chain attacks and server vulnerabilities highlight growing risk to enterprise security

A supply chain attack on a widely used GitHub Action exposed secrets from 218 projects' code repositories. Attackers inserted malicious code into the action, which was pulled automatically into every workflow that referenced it; the code wrote CI credentials into workflow logs, and where those logs were publicly accessible the credentials were exposed to anyone who looked. The incident underscores how third-party dependencies in the software development pipeline become attack vectors.
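The control that blunts this class of attack is to reference third-party actions by a full commit SHA rather than by a tag or branch that the action's maintainer (or whoever compromises them) can move. The script below, an added example and not code from GitHub or from the affected project, audits workflow files for `uses:` references that are not pinned; the workflow text, organisation names and the SHA in it are constructed placeholders.

```python
"""Audit GitHub Actions workflow files for third-party actions pulled in by a
mutable reference (tag or branch) instead of a full 40-hex commit SHA.

Added example, not code from GitHub or from the affected project. The sample
workflow and the repository names and SHA in it are constructed placeholders.
"""
import re

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")


def audit_workflow(text: str) -> list[dict]:
    """Return one finding per 'uses:' reference that is not pinned to a commit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_LINE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and container images are resolved differently; skip them.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        repo, _, version = ref.partition("@")
        if FULL_SHA.match(version):
            continue  # pinned: exactly this commit will run
        reason = "no version reference" if not version else f"mutable reference '{version}'"
        findings.append({"line": lineno, "uses": ref, "reason": reason})
    return findings


# Constructed sample workflow (not a real repository's file).
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
permissions:
  contents: read          # least privilege for the job's GITHUB_TOKEN
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # pinned: the 40-hex SHA fixes exactly which code runs (placeholder SHA)
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4
      # not pinned: whoever controls the 'v45' tag controls what runs here
      - uses: example-org/list-changed-files@v45
      - uses: example-org/release-tool@main
      - uses: ./.github/actions/local-step
      - name: Build
        run: make
"""


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['uses']} ({f['reason']})")
```

Pinning fixes which code runs but not what that code can see, so pair it with the `permissions:` block shown in the sample (grant the job's token only what it needs) and with secrets scoped to the jobs that use them; a compromised action still cannot leak a secret it was never given.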


Separately, attackers are actively exploiting an Apache Tomcat remote code execution flaw that lets them run code on the server and, from there, reach the databases and system resources it can access. Organisations should immediately upgrade affected systems to Apache Tomcat 11.0.3, 10.1.35 or 9.0.99. Exploitation also depends on configuration: the default servlet must be writable (its readonly parameter set to false, which is not the default) and partial PUT support must be enabled (which is the default). Until systems are patched, confirm that the default servlet is read-only and disable partial PUT where it is not needed.
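A quick way to check the configuration condition across many web.xml files, as an added example that is not Apache Tomcat project code: the script reads the DefaultServlet's init-params and reports when the servlet is writable, and additionally when partial PUT is still enabled on a writable servlet. It assumes the parameter names `readonly` (default true) and `allowPartialPut` (default true); confirm both against the DefaultServlet documentation for your Tomcat version. The two web.xml fragments are constructed, one weak and one hardened.

```python
"""Check a Tomcat web.xml for the default-servlet settings that make the
PUT abuse described above possible.

Added example, not Apache Tomcat project code. Assumes the DefaultServlet
init-params 'readonly' (default true) and 'allowPartialPut' (default true);
verify the names for your Tomcat version. Both fragments are constructed.
"""
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"


def default_servlet_params(web_xml: str) -> dict[str, str]:
    """Collect the DefaultServlet's init-params, ignoring the XML namespace
    (javaee for Tomcat 9, jakartaee for 10/11)."""
    root = ET.fromstring(web_xml)
    params: dict[str, str] = {}
    for servlet in root.iterfind(".//{*}servlet"):
        if servlet.findtext("{*}servlet-class", "").strip() != DEFAULT_SERVLET:
            continue
        for param in servlet.iterfind("{*}init-param"):
            name = param.findtext("{*}param-name", "").strip()
            value = param.findtext("{*}param-value", "").strip()
            params[name] = value
    return params


def assess(web_xml: str) -> list[str]:
    """Return a list of issues; an empty list means the settings are safe."""
    p = default_servlet_params(web_xml)
    readonly = p.get("readonly", "true").lower()            # assumed default: true
    partial_put = p.get("allowPartialPut", "true").lower()  # assumed default: true
    issues = []
    if readonly == "false":
        issues.append("default servlet is writable (readonly=false): PUT and DELETE are accepted")
        if partial_put != "false":
            issues.append("partial PUT is enabled on a writable default servlet")
    return issues


# Constructed fragment: writable default servlet, partial PUT left at default.
WEAK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""

# Constructed fragment: read-only default servlet, partial PUT disabled.
HARDENED_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>allowPartialPut</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        print(label, assess(doc) or "ok")
```

A configuration check is a stopgap, not a substitute for the upgrade: run it against both the global conf/web.xml and each application's WEB-INF/web.xml, since an application can override the global default servlet settings.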

So what?

Both incidents illustrate the growing attack surface introduced by software supply chains and unpatched systems. Organisations should pin third-party dependencies to immutable versions, limit the privileges and secrets available to automated pipelines, and run vulnerability and patch management programmes that can act within days of a disclosure like Tomcat's.

[Researcher: Milda Petraityte]


4. Denmark warns of espionage campaigns against European telecoms sector

Denmark has raised the alarm over increased nation-backed cyber espionage against the European telecommunications sector, in a recent assessment by the Danish Civil Protection Authority (SAMSIK). Telecommunications and internet service providers are prized targets: access to their networks lets an adversary monitor communication patterns and, potentially, pre-position for physical sabotage or destructive cyber attacks.

So what?

Organisations in the sector should bolster their defences through enhanced threat detection and monitoring, network segmentation and proactive response planning to protect against the growing threat of nation-state targeted attacks.

[Researcher: Lena Krummeich]


5. New law passed in Hong Kong to protect infrastructure cyber security

Hong Kong lawmakers passed a bill on Wednesday 19 March that aims to uphold cyber security standards for critical infrastructure in several sectors, including banking and financial services, healthcare, information technology and communications. Organisations falling into scope will be required to set up dedicated cyber security functions, regularly conduct drills and risk assessments, and report incidents within a designated timeframe.

So what?

Organisations covered under the Protection of Critical Infrastructures (Computer Systems) Bill have until the start of 2026 to prepare; failure to do so could result in substantial fines. Work with your advisors to determine whether your company falls within scope, then prepare ahead of the implementation deadline to ensure compliance.

[Researcher: Mark Farley]


6. UK’s National Cyber Security Centre (NCSC) urges proactive action on quantum with new encryption roadmap

On Thursday 20 March, the NCSC released post-quantum cryptography migration guidance setting out a timeline for organisations to move to quantum-resistant encryption by 2035, with interim milestones in 2028 (discovery and planning complete) and 2031 (highest-priority migrations complete). In anticipation of the threat that quantum computing poses to today's public-key algorithms, the roadmap is designed to help organisations migrate incrementally so that sensitive data stays protected even once a quantum computer can break current standards.

So what?

Quantum computers cannot yet break existing public-key encryption, but data intercepted and stored today could be decrypted once they can, so organisations should begin preparing now to protect information that must stay confidential for years. Following the NCSC's roadmap helps organisations align to established standards and build a structured migration strategy, starting with an inventory of where and how cryptography is used, and reduces the risk of gaps that could compromise data confidentiality.

[Researcher: Melissa DeOrio]


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
