HIGHRansomware
Global

New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments

·Source: The Record

Updated:

Executive Summary

The researchers said the ransomware operation has been ongoing since 2020 and is associated with a strain of malware that enforces execution constraints based on system locale and external IP geolocation.

Analysis

The researchers said the ransomware operation has been ongoing since 2020 and is associated with a strain of malware that enforces execution constraints based on system locale and external IP geolocation.
Source Attribution

Originally published by The Record on Apr 14, 2026.

Related Threats

HIGHRansomware

Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)

Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders. The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) appeared first on Unit 42 .

Unit 42 (Palo Alto)
HIGHRansomware

Payouts King ransomware uses QEMU VMs to bypass endpoint security

The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. [...]

BleepingComputer
HIGHRansomware

Ransomware attack continues to disrupt healthcare in London nearly two years later

More than 18 months after a ransomware attack disrupted care at hospitals in South East London, documents show at least one NHS trust is still working without fully restored systems and managing large backlogs of delayed test results.

The Record