Zero-Day Newsletter: Cybersecurity reports, news, and insights for IT professionals

Cybersecurity news doesn't have to be boring. Comparitech's Zero-Day Newsletter is focused on giving IT professionals weekly updates on cybersecurity alerts, ransomware news, industry insights, and IT product recommendations.

Mar 06 • 3 min read

The latest ransomware surge—what IT pros need to know


Marching into a quieter month…?

Today sees the release of our monthly ransomware roundup, and for a month that only has 28 days, it sure was eventful!

Throughout February 2025, we saw 959 attacks in total, which is nearly double the figure we noted in January 2025 (512 in total). 41 of February’s attacks were confirmed by the targets involved (e.g., through a data breach notification or company press release).

99 attacks have been noted throughout March so far (three are confirmed), which, by our math, means we’re on track for a much quieter month. Of course, anything can happen, but as Clop’s bulk release of 300+ Cleo victims fell into February, you’d like to think things will calm down a bit again this month.

We’ve just jinxed it again, haven’t we?

February 13 – unlucky for some

On February 13, Bell Ambulance (Wisconsin) notified employees that it had suffered a “cybersecurity event” on its systems. Fast forward to March 2, and Medusa is claiming the attack with a $400,000 ransom. The group alleged it had stolen 220 GB of data.

Interestingly, as we note in our February roundup, Medusa has been behind the most attacks on healthcare organizations recently (three out of seven confirmed attacks in February alone). Out of the three, Bell Ambulance got off ‘lightly’ when it came to its ransom as SimonMed Imaging (US) faced a $1 million ransom while the UK’s HCRG Care Group was hit with one of $2 million (and the potential theft of a whopping 2.3 TB of data).

Paving the way for hefty ransom demands

Talking of big ransom demands… This week, Santa Ana construction company System Pavers confirmed its systems were impacted in a cyber attack in September 2024 and started to notify people of a data breach.

Medusa had previously posted the company to its data leak site in October 2024, demanding $1 million for the stolen data.

Extra! Extra! Read all about it!

Remember the vague SEC filing from Lee Enterprises, which used any possible word but “ransomware” to describe its, erm, ransomware attack? Well, the final nail in the coffin came on February 27, when Qilin posted the company to its data leak site.

Qilin claims to have stolen 350 GB of data–something Lee Enterprises is investigating as we speak.

Don't let your weakest link lock you into a lasting legacy

Accounting firm Legacy Professionals, LLP began notifying 191,000 people of a data breach following an attack via LockBit. The incident highlights not only the need for better employee security training, but also the need to make difficult staffing choices.

In a recent post on /r/sysadmin, user festiveboat007 highlighted the danger of the "weakest link" employee:

"A user at our company failed a phishing test and replied to the email, 'When I click the link it says "Oops you've clicked on a simulated phishing test" please resend the link'. The title says it all, I wish I was joking. Also after checking the reports, the user had failed 10 out of the past 12 phishing tests."

Your company's cybersecurity posture is only as strong as your weakest link. Far too often, that weak link is an employee who just doesn't seem to get it. Sooner or later, that employee will be the victim of a phishing attempt that compromises your entire organization and costs you millions.

That begs the question: What do you do?

More training is an option. But if that employee doesn't seem to improve, you may need to take more drastic measures, such as removing their access to sensitive systems, disallowing them the use of company-owned computer equipment, or even firing them.

That last one may seem harsh, but it's also a harsh reality of maintaining adequate cybersecurity practices. One employee is all it takes to ruin your day (or month, or year, or century). Sending an employee packing for being a security threat feels bad, but it's also the most logical action you can take when you have a weak link.

Until next week. Let’s keep that zero-day count hardened at zero!
