Ransomware gangs recruit malicious insiders as attacks surge over holidays
Friday, January 30, 2026 — 16:49:03 (UTC)
Ransomware levels rose for the fourth consecutive month in December 2025, increasing by 13% to total 783 attacks
Industrials accounted for 29% of ransomware attacks in December
Qilin was responsible for 22% of all attacks in December 2025, with 92 (12%) more attacks than its closest follower, Akira
Manchester, UK, January 29, 2026 – Cyber crime is increasingly operating as an organized industry, according to NCC Group’s latest Cyber Threat Intelligence Report, with ransomware-as-a-service (RaaS) gangs adopting structured affiliate models and actively recruiting malicious insiders and cyber security professionals. The shift comes as ransomware activity rose by 13% month-on-month in December 2025, alongside growing evidence of professionalisation across the ransomware ecosystem. This aligns with the annual seasonal rise in activity, as RaaS gangs target understaffed companies during the holiday period.
RaaS gangs increasingly view employees, contractors and trusted partners as gateways into organizations. By recruiting insiders, criminals gain legitimate access to credentials, systems and internal processes, allowing them to bypass security controls. Employees with wide-ranging access, particularly in IT and technical roles, are common targets, as a single compromised account can open multiple pathways across modern digital environments.
NCC Group’s report shows that strong financial incentives are a key driver of insider recruitment, with ransomware groups offering large commissions and promised anonymity to encourage collaboration.
A clear example of this model in action was reported in September 2025, when the Medusa ransomware gang attempted to recruit a BBC employee, offering 15% of a future ransomware payment in exchange for access to internal systems. When the approach failed, the offer was increased to 25%, highlighting both the financial leverage being used and the strategic value placed on insider access.
Matt Hull, VP of Cyber Intelligence and Response at NCC Group, said: “Targeting high-profile organizations like the BBC is both financially attractive and commercially strategic. Even limited success against a well-known brand can generate notoriety and credibility, helping groups attract future affiliates and opportunities. Well-resourced groups like Medusa and Qilin can afford to use financial incentives to attract insiders, but smaller gangs often lack the means to compete.
“For organizations, this shifts the focus from purely technical defence to human risk management. Insider threat programmes, strong access governance and robust offboarding processes are critical to reducing the risk that current or former employees become part of the ransomware supply chain.”
The report also notes that employees are not the only individuals being recruited into ransomware operations. In December 2025, two cyber security professionals pleaded guilty to collaborating with BlackCat/ALPHV, admitting their involvement in a series of ransomware attacks against five US-based organizations, including companies in the healthcare and manufacturing sectors.
The case is believed to be one of the first documented examples of cyber professionals using their technical expertise, industry knowledge and operational understanding of security processes to directly support RaaS activity. Strong financial incentives are likely to have been a key motivator, alongside broader pressures such as rising living costs and dissatisfaction with pay, which can increase vulnerability to collusion.
Hull added: “Ransomware has evolved into an organized business model. These groups now think in terms of recruitment, incentives, scale and growth, rather than just attacks.
“What’s striking is that these tactics aren’t new. Trust, deception, social engineering and financial pressure have always worked, they’re just being organized and scaled in new ways. The recruitment of cyber security professionals shows how far this has gone: Ransomware groups are exploiting expertise, access and human trust to operate like structured criminal enterprises.”
Additionally, the report finds:
Consumer Discretionary accounted for 22% of ransomware attacks in December, and Information Technology 10%
And North America accounted for half of all attacks in December 2025.
Source: Company press release. 