Zero-Day Newsletter: Cybersecurity reports, news, and insights for IT professionals

Cybersecurity news doesn't have to be boring. Comparitech's Zero-Day Newsletter is focused on giving IT professionals weekly updates on cybersecurity alerts, ransomware news, industry insights, and IT product recommendations.

Apr 24 • 3 min read

Ransomware strains change - so should you


A bleak diagnosis

It’s been an unhealthy week as far as ransomware goes with the confirmation of a number of significant data breaches and the emergence of more new gangs with big claims.

However, if we look at the figures for April so far, the prognosis may be improving. At the time of writing, we’ve noted 386 attacks so far this month (17 of which are confirmed). With the first three months of the year seeing an average of 736, April could be the quietest month yet.

Yes, I know, there’s still a week to go and I’ve jinxed it before…

*Refreshes ransomware tracker*

OK, yep, don’t ask me to pick your lottery numbers.

Here to learn about new ransomware gangs? Scroll to the last section!

Healthcare takes a hit…

Not one but two healthcare companies reported significant data breaches this week.

Bell Ambulance confirmed 114,000 people were impacted in its February 2025 attack, in which Medusa demanded a $400,000 ransom. And Alabama Ophthalmology Associates started issuing data breach notifications to 131,576 people following an attack in January 2025, which was claimed by BianLian.

These two attacks enter the top five biggest ransomware attacks this year so far (based on records affected), with four of these being on healthcare companies:

  1. Sanrio Entertainment Co., Ltd., Japan – 2 million affected (unknown hackers)
  2. Utsunomiya Central Clinic, Japan – 300,000 affected (Qilin)
  3. Central Texas Pediatric Orthopedics – 140,121 affected (Qilin)
  4. Alabama Ophthalmology Associates – 131,576 affected (BianLian)
  5. Bell Ambulance – 114,000 affected (Medusa)

This really did Hertz…

Last week, we reported that car rental service provider Hertz had started issuing data breach notifications following the Clop Cleo vulnerability exploit. This week, we found out how many people had been impacted in total…

Over one million.

Data affected includes names, contact info, payment card info, driver’s license info, details related to workers’ compensation claims, and dates of birth. A small number of people’s Social Security numbers, government ID numbers, passport info, Medicare or Medicaid IDs, and injury-related info associated with vehicle accident claims may have also been affected.

Silence, please! There’s a new ransomware gang in town…

Creeping onto the ransomware scene this week were two new gangs – Silent and Gunra.

Silent may have started out with a mere two claims on two US companies (one engineering firm and one tech company) but, if proven to be true, these claims could be deadly. It claims to have stolen a whopping 2.85 TB of data from the engineering company alone.

Meanwhile, Gunra didn’t appear to have a country-specific focus, adding a Japanese construction company, an Egyptian healthcare company, and a Panamanian food and beverage manufacturer.

The constant flux of ransomware gangs and strains

Ransomware gangs are increasing in number all the time. Some are more successful than others, and some are certainly more...active than others. Based on the total number of both confirmed and unconfirmed attacks, in Q1 2025 alone, the most prolific ransomware gangs were:

  • Clop (331)
  • RansomHub (224)
  • Akira (216)
  • Qilin (108)
  • Lynx (97)
  • Play (91)
  • and Fog (89)

RansomHub and Qilin had the most confirmed attacks out of these claims with 22 and 12, respectively. But will RansomHub and Qilin be the biggest threats in 2026 and beyond?

The chances of that are a big "no." Security teams shouldn't get too comfortable. Your current tools or security software providers may claim to be up-to-date on the latest strains, but new ransomware emerges every year, multiple times a year.

In 2018, for example, the most common ransomware strain was SamSam, which disappeared from confirmed attacks by 2019. Ryuk took its place at the #1 spot that year, but even Ryuk was supplanted just one year later by Maze and Conti.

This boils down to one hard truth that many organizations and their security teams don't want to hear: Your risk level aligns with your attentiveness to the ransomware environment. If you aren't constantly keeping your eyes and ears open, you'll be caught sleeping while a new gang and its new toolkit sneak in through your back door.

Your network security practices and the software and services you use need to be as up-to-date as you are on what an attack looks like, which gangs are currently leading the market, and the signs that you may be next on their list.

Until next week. Let’s keep that zero-day count hardened at zero!
