Cybersecurity Incidents Roundup: Dwindling Ransom Payments and Rising Scams
In a comprehensive weekly roundup of cybercrime incidents, the cybersecurity landscape remains tumultuous as ransomware victims are reported to be paying significantly less to cybercriminals, prompting a shift in strategies among attackers. This summary also highlights the United States’ recent sanctions against cybercrime facilitators, the emergence of scams targeting Celine Dion concert tickets, and notable data breaches, including a significant settlement involving the genetic testing company 23andMe.
Ransomware Victims Pay Less Yet Costs to Recover Surge
Victims of ransomware attacks are demonstrating a marked reluctance to pay high ransoms, which has led cybercriminal groups to innovate new methods of extortion. Reports from the cybersecurity firm ReliaQuest indicate that leading ransomware organizations, including the Deadlock and Gentlemen groups, have begun using advanced evasion techniques to enhance their operations. The latter has notably begun utilizing artificial intelligence to streamline the efficacy of their tools and recruit proficient affiliates into their illicit activities.
The analysis revealed that The Gentlemen group recorded the highest number of non-paying victims in the second quarter of 2026. While ReliaQuest identified 2,252 victims within this timeframe—an increase of 51% from the previous year—the shifting landscape indicates that cyber defenders should concentrate on attackers’ behaviors rather than merely categorizing the most active groups. Interestingly, as ransom payments decrease—with the median payment sliding to $698,000—companies still face an overwhelming average recovery cost of $1.7 million per successful attack.
Recent insights from Sophos suggest a varied willingness to pay within different sectors, with local and state governments topping the list at 72%, in contrast to only 32% in the retail space. Moreover, last year’s statistics showed a slight uptick in successful encryptions, marking a tense backdrop for victims who face increasing pressure as they navigate this perilous cyber environment.
U.S. Sanctions Against Cybercrime Enablers
In a decisive move against cybercrime, the U.S. Department of the Treasury has placed sanctions on two individuals alleged to facilitate ransomware activities. Dmytro Rashevskyi, an administrator of a VPN service known as First VPN Service, has been directly implicated for enabling ransomware groups to obfuscate their attacks and manage stolen data. Alongside him, Belarusian national Yegeniy Silayev has been accused of distributing cryptors that enable malware to evade detection.
This multinational operation, which dismantled the VPN service in May 2026, has been hailed as a significant victory in the ongoing battle against cybercrime, particularly as it has been suggested that actors leveraging these services have collectively caused billions in losses across various industries. U.S. officials emphasized that addressing such facilitators is paramount to combating the far-reaching impacts of ransomware and cyber extortion.
Dangerous Scams Target Celine Dion Fans
Amid increasing criminal activities, a new wave of scams has emerged, notably targeting fans eager for Celine Dion’s concerts in Paris. Cybercriminals have devised a sophisticated ticket fraud scheme that combines social media manipulation and counterfeit ticketing websites, undermining the anticipated excitement over the concerts. Fraudsters infiltrated Facebook groups dedicated to Dion’s fans and posed as legitimate sellers, often convincing victims to make direct bank transfers.
Researchers from Group-IB discovered that the scammers replicated numerous legitimate ticketing platforms, crafting over 20 fraudulent websites that resembled Ticketmaster and other authorized sellers. The statistics are alarming, as victims have been duped into purchasing tickets that were sold multiple times. As a preventive measure, experts advise consumers to purchase tickets only through validated sources and to remain wary of direct bank transactions with non-official sellers.
23andMe to Settle After Data Breach
Genetic testing firm 23andMe, which has recently rebranded itself under the name Chrome Holding, has agreed to pay $18 million to settle claims from 43 U.S. state attorneys general due to security shortcomings tied to a data breach in 2023. This breach compromised sensitive information of approximately 7 million individuals. As part of the settlement, identified funds are intended for distribution among affected states, highlighting the pressing need for robust security measures in the digital realm.
The settlement stems from allegations that 23andMe neglected to implement necessary security protocols, leading to prolonged exposure of sensitive data before the company reacted to enforce mandatory changes or inform affected consumers. A separate legal ruling has complicated the situation further, adding a layer of complexity to the ongoing legal proceedings and possibly limiting future claims against the firm.
Increased Concerns Over Cyber Espionage and New Malware Developments
In related cyber threats, advanced espionage techniques have also come to light, as researchers unveiled a new Chinese-linked rootkit malware known as Daxin. This formidable backdoor has reportedly been stealthily infiltrating systems in Taiwan for 13 years, showcasing the long-term threat that state-sponsored cyber activities present.
Moreover, shortly after gaining initial access, cybercriminals exploited vulnerabilities within a South Asian IT firm to deploy a ransomware variant, Spirals, underscoring how quickly attackers can transition from breach to extortion.
These developments serve as a clarion call for organizations worldwide to bolster their cybersecurity infrastructure, as the nature of cybercrime continues to evolve and challenges persist across sectors.

