CISO Security Intel

Ransomware rapid extortion & backup sabotage

Ransomware rapid extortion & backup sabotage

Key Questions

How is ransomware evolving with zero-day exploitation?

BlueHammer MS Defender zero-day is now exploited in ransomware attacks, and Check Point VPN zero-days are linked to Qilin ransomware operations.

What groups are using novel techniques like physical extortion or AI automation?

Silent Ransom Group employs physical extortion, while Jadepuffer demonstrates autonomous ransomware with AI agent-driven full lifecycle automation. ShinyHunters targets Oracle PeopleSoft at scale.

What controls are recommended to mitigate these threats?

Immutable backups, MFA, EDR, and Zero Trust architectures are emphasized to counter rapid extortion and backup sabotage tactics.

BlueHammer MS Defender zero-day now exploited in ransomware attacks (CISA KEV). Check Point VPN zero-day linked to Qilin ransomware. ShinyHunters exploiting Oracle PeopleSoft zero-day to breach 100+ orgs. Silent Ransom Group uses physical extortion. Ransomware groups using Microsoft Teams relays for initial access. Jadepuffer autonomous ransomware attack demonstrates AI agent-driven full lifecycle automation. Controls: immutable backups/MFA/EDR/ZT.

Sources (2)
Updated Jul 14, 2026