Allan “Ransomware Sommelier” Liska
@ransomwaresommelier.com
Recorded Future - Ransomware Researcher
Owner @greenarcher.io - Yours Truly, Johnny Dollar | The Press Guardian | The Clock | The Green Archer
Weird mix of security, comics, photography and wine!
www.greenarcher.io
Owner @greenarcher.io - Yours Truly, Johnny Dollar | The Press Guardian | The Clock | The Green Archer
Weird mix of security, comics, photography and wine!
www.greenarcher.io
Government funding bill temporarily revives cybersecurity information-sharing law
via @ericjgeller.com & @cybersecuritydive.bsky.social
via @ericjgeller.com & @cybersecuritydive.bsky.social
Government funding bill temporarily revives cybersecurity information-sharing law
The spending legislation passed by Congress will reauthorize the CISA 2015 program through the end of January.
www.cybersecuritydive.com
November 13, 2025 at 5:35 PM
Government funding bill temporarily revives cybersecurity information-sharing law
via @ericjgeller.com & @cybersecuritydive.bsky.social
via @ericjgeller.com & @cybersecuritydive.bsky.social
Operation Endgame: Police reveal takedowns of three key cybercrime tools.
via @alexmartin.bsky.social & @therecordmedia.bsky.social
via @alexmartin.bsky.social & @therecordmedia.bsky.social
Operation Endgame: Police reveal takedowns of three key cybercrime tools
The Rhadamanthys infostealer, the VenomRAT remote access trojan and the Elysium botnet were targeted in the latest phase of the international police action known as Operation Endgame.
therecord.media
November 13, 2025 at 1:11 PM
Operation Endgame: Police reveal takedowns of three key cybercrime tools.
via @alexmartin.bsky.social & @therecordmedia.bsky.social
via @alexmartin.bsky.social & @therecordmedia.bsky.social
Reposted by Allan “Ransomware Sommelier” Liska
Extraordinary day and historic for the wrong reasons - a cyber attack featured in the GDP figures
November 13, 2025 at 12:20 PM
Extraordinary day and historic for the wrong reasons - a cyber attack featured in the GDP figures
A quick musical interlude that feels appropriate this week… @annereburn.bsky.social singing 9-5 from a couple of years ago.
9 to 5 - Dolly Parton (Cover)
YouTube video by Anne Reburn
youtu.be
November 12, 2025 at 5:44 PM
A quick musical interlude that feels appropriate this week… @annereburn.bsky.social singing 9-5 from a couple of years ago.
This is good news! I don’t think people realize how easy it is to get started in delivering malware.
Rhadamanthys was $299 a month, so for less than a car payment for most people you could potentially collect hundreds of thousands of emails/credit card numbers/wallets a month.
Rhadamanthys was $299 a month, so for less than a car payment for most people you could potentially collect hundreds of thousands of emails/credit card numbers/wallets a month.
Rhadamanthys infostealer disrupted as cybercriminals lose server access
The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers.
www.bleepingcomputer.com
November 12, 2025 at 1:38 PM
This is good news! I don’t think people realize how easy it is to get started in delivering malware.
Rhadamanthys was $299 a month, so for less than a car payment for most people you could potentially collect hundreds of thousands of emails/credit card numbers/wallets a month.
Rhadamanthys was $299 a month, so for less than a car payment for most people you could potentially collect hundreds of thousands of emails/credit card numbers/wallets a month.
Reposted by Allan “Ransomware Sommelier” Liska
New threat, Kazu ransomware. @ecrime.ch has new information on this threat actor. Kazu has claimed ~35 mostly public sector victims across Latin America, the Middle East, and Asia. 👀 cc @gate15.bsky.social @ransomwaresommelier.com @silascutler.bsky.social #cybersecurity #ransomware
New claim on the shame-site for #ransomware / #datatheft group #Kazu.
Organization: Department of Agricultural Extension
Location: #Thailand
Industry: #GovernmentAdministration
Staff: 10,001+ employees
Learn more: https://ecrime.ch/
Organization: Department of Agricultural Extension
Location: #Thailand
Industry: #GovernmentAdministration
Staff: 10,001+ employees
Learn more: https://ecrime.ch/
November 12, 2025 at 11:38 AM
New threat, Kazu ransomware. @ecrime.ch has new information on this threat actor. Kazu has claimed ~35 mostly public sector victims across Latin America, the Middle East, and Asia. 👀 cc @gate15.bsky.social @ransomwaresommelier.com @silascutler.bsky.social #cybersecurity #ransomware
Jesus Christ, I want to make a Giloiagn’s Island joke but this is horrible.
Milan prosecutors investigate alleged ‘sniper tourism’ during Bosnian war
Milan prosecutors investigate alleged ‘sniper tourism’ during Bosnian war
Milan prosecutors investigate alleged ‘sniper tourism’ during Bosnian war
Groups from Italy and elsewhere alleged to have paid Serb soldiers to shoot Sarajevo residents during siege
www.theguardian.com
November 11, 2025 at 11:07 PM
Jesus Christ, I want to make a Giloiagn’s Island joke but this is horrible.
Milan prosecutors investigate alleged ‘sniper tourism’ during Bosnian war
Milan prosecutors investigate alleged ‘sniper tourism’ during Bosnian war
Unfortunately, I can't be there in person...but if you are in North Carolina this weekend, I highly recommend stopping by #indigipopx and picking a copy of The Clock.
There will be so many amazing Indigenous creators there! Follow along with all the activities at @redpopnews.bsky.social
There will be so many amazing Indigenous creators there! Follow along with all the activities at @redpopnews.bsky.social
We are very proud to be sponsoring this year's #indigipopx at Duke University! Our favorite writer, @weyodi.bsky.social will be there selling copies of The Clock #1!
Pick up your copy of the first NTP-powered super hero comic and talk to Weyodi about her plans for the rest of the story!
Pick up your copy of the first NTP-powered super hero comic and talk to Weyodi about her plans for the rest of the story!
November 11, 2025 at 5:07 PM
Unfortunately, I can't be there in person...but if you are in North Carolina this weekend, I highly recommend stopping by #indigipopx and picking a copy of The Clock.
There will be so many amazing Indigenous creators there! Follow along with all the activities at @redpopnews.bsky.social
There will be so many amazing Indigenous creators there! Follow along with all the activities at @redpopnews.bsky.social
Reposted by Allan “Ransomware Sommelier” Liska
NEWS: The UK is no longer sharing intelligence with the US about suspected drug trafficking vessels in the Caribbean because it does not want to be complicit in US military strikes and believes the attacks are illegal, sources familiar with the matter told CNN. edition.cnn.com/2025/11/11/p...
Exclusive: UK suspends some intelligence sharing with US over boat strike concerns in major break | CNN Politics
The United Kingdom is no longer sharing intelligence with the US about suspected drug trafficking vessels in the Caribbean because it does not want to be complicit in US military strikes and believes ...
edition.cnn.com
November 11, 2025 at 3:06 PM
NEWS: The UK is no longer sharing intelligence with the US about suspected drug trafficking vessels in the Caribbean because it does not want to be complicit in US military strikes and believes the attacks are illegal, sources familiar with the matter told CNN. edition.cnn.com/2025/11/11/p...
Russian hacker to plead guilty to aiding Yanluowang ransomware group
via @jgreig.bsky.social & @therecordmedia.bsky.social
via @jgreig.bsky.social & @therecordmedia.bsky.social
Russian hacker to plead guilty to aiding Yanluowang ransomware group
Court documents show evidence proving Volkov served as an initial access broker for the ransomware gang — breaking into the network of victims and then offering his access for a percentage of the rans...
therecord.media
November 11, 2025 at 3:15 PM
Russian hacker to plead guilty to aiding Yanluowang ransomware group
via @jgreig.bsky.social & @therecordmedia.bsky.social
via @jgreig.bsky.social & @therecordmedia.bsky.social
Short-term renewal of cyber information sharing law appears in bill to end shutdown
via @martinmatishak.bsky.social & @therecordmedia.bsky.social
via @martinmatishak.bsky.social & @therecordmedia.bsky.social
Short-term renewal of cyber information sharing law appears in bill to end shutdown
An expired 2015 law that gives companies liability protection when they share cyberthreat information with the federal government would be renewed through January 30 under Senate legislation to end th...
therecord.media
November 10, 2025 at 2:53 PM
Short-term renewal of cyber information sharing law appears in bill to end shutdown
via @martinmatishak.bsky.social & @therecordmedia.bsky.social
via @martinmatishak.bsky.social & @therecordmedia.bsky.social
Flying from SFO to IAD during Sunday Night Football and the plane does not have a scream room. @amandagodsey.bsky.social I think you should report on this travesty.
a young boy wearing a soccer jersey is screaming in a crowd of people .
ALT: a young boy wearing a soccer jersey is screaming in a crowd of people .
media.tenor.com
November 10, 2025 at 12:20 AM
Flying from SFO to IAD during Sunday Night Football and the plane does not have a scream room. @amandagodsey.bsky.social I think you should report on this travesty.
Monterey airport has a lovely outdoor seating area where you can have a drink and watch the planes take off…
November 9, 2025 at 9:23 PM
Monterey airport has a lovely outdoor seating area where you can have a drink and watch the planes take off…
Reposted by Allan “Ransomware Sommelier” Liska
Editor: We need more clock puns!
Writer: What if I fit FIVE into one panel?
Editor: kid! You got moxie, I’ll give you that! If you fit five in one panel there’ll be an extra $2 in your paycheck!
Writer: A whole deuce? Watch me work!
Writer: What if I fit FIVE into one panel?
Editor: kid! You got moxie, I’ll give you that! If you fit five in one panel there’ll be an extra $2 in your paycheck!
Writer: A whole deuce? Watch me work!
November 9, 2025 at 8:14 PM
Editor: We need more clock puns!
Writer: What if I fit FIVE into one panel?
Editor: kid! You got moxie, I’ll give you that! If you fit five in one panel there’ll be an extra $2 in your paycheck!
Writer: A whole deuce? Watch me work!
Writer: What if I fit FIVE into one panel?
Editor: kid! You got moxie, I’ll give you that! If you fit five in one panel there’ll be an extra $2 in your paycheck!
Writer: A whole deuce? Watch me work!
Normally, I read through @zackwhittaker.com newsletter on Sunday and find a couple of things I missed, but with my travel schedule this week I missed a lot...thanks for catching me up Zack!
And, hopefully, you all are reading and subscribing to his newsletter as well!
And, hopefully, you all are reading and subscribing to his newsletter as well!
this week in security — november 9 2025 edition
SonicWall blames nation-state for theft of firewall backups, CBO hacked, Korea Telecom covered up hacks, North Korea's remote IT workers' scheme, and more.
this.weekinsecurity.com
November 9, 2025 at 4:28 PM
Normally, I read through @zackwhittaker.com newsletter on Sunday and find a couple of things I missed, but with my travel schedule this week I missed a lot...thanks for catching me up Zack!
And, hopefully, you all are reading and subscribing to his newsletter as well!
And, hopefully, you all are reading and subscribing to his newsletter as well!
Folks! This is big!
We have a full blown trilogy in our BAFTA-nominated series: Today’s interesting newly registered ransomware-themed domain name:
ransomware-response-team[.]com
Critics will be debating for years which one of these is the best, but I think we all know the answer…
We have a full blown trilogy in our BAFTA-nominated series: Today’s interesting newly registered ransomware-themed domain name:
ransomware-response-team[.]com
Critics will be debating for years which one of these is the best, but I think we all know the answer…
November 9, 2025 at 3:29 PM
Folks! This is big!
We have a full blown trilogy in our BAFTA-nominated series: Today’s interesting newly registered ransomware-themed domain name:
ransomware-response-team[.]com
Critics will be debating for years which one of these is the best, but I think we all know the answer…
We have a full blown trilogy in our BAFTA-nominated series: Today’s interesting newly registered ransomware-themed domain name:
ransomware-response-team[.]com
Critics will be debating for years which one of these is the best, but I think we all know the answer…
I hope someone makes a statue of me just like this one day…sitting on a corner, playing my according, being happy.
November 9, 2025 at 3:18 AM
I hope someone makes a statue of me just like this one day…sitting on a corner, playing my according, being happy.
This is all terrible.
But, if we get a sequel to Planes, Trains and Automobiles out of it that would be pretty amazing!
But, if we get a sequel to Planes, Trains and Automobiles out of it that would be pretty amazing!
November 7, 2025 at 7:40 PM
This is all terrible.
But, if we get a sequel to Planes, Trains and Automobiles out of it that would be pretty amazing!
But, if we get a sequel to Planes, Trains and Automobiles out of it that would be pretty amazing!
Nevada ransomware attack traced back to malware download by employee
Nevada ransomware attack traced back to malware download by employee
The state refused to pay a ransom and recovered 90% of the impacted data.
www.cybersecuritydive.com
November 7, 2025 at 7:37 PM
Nevada ransomware attack traced back to malware download by employee
For a minute I thought @theonion.com was talking about ransomware.
Ransom Notes Really Starting To Pile Up https://theonion.com/ransom-notes-really-starting-to-pile-up/
November 7, 2025 at 7:06 PM
For a minute I thought @theonion.com was talking about ransomware.
China sentences 5 Myanmar scam kingpins to death
via @jreddjourno.bsky.social & @therecordmedia.bsky.social
via @jreddjourno.bsky.social & @therecordmedia.bsky.social
China sentences 5 Myanmar scam kingpins to death
Five others were handed life sentences, while nine of the accused were handed prison sentences of three to 20 years.
therecord.media
November 6, 2025 at 6:43 PM
China sentences 5 Myanmar scam kingpins to death
via @jreddjourno.bsky.social & @therecordmedia.bsky.social
via @jreddjourno.bsky.social & @therecordmedia.bsky.social
In a first for this series, WE HAVE A SEQUEL!
Today’s interesting newly registered ransomware-themed domain is:
ransomware-response-team[.]info
Remember, with few exceptions, the sequel is never as good as the original. And the original wasn’t great in the first time place.
Today’s interesting newly registered ransomware-themed domain is:
ransomware-response-team[.]info
Remember, with few exceptions, the sequel is never as good as the original. And the original wasn’t great in the first time place.
November 6, 2025 at 2:56 PM
In a first for this series, WE HAVE A SEQUEL!
Today’s interesting newly registered ransomware-themed domain is:
ransomware-response-team[.]info
Remember, with few exceptions, the sequel is never as good as the original. And the original wasn’t great in the first time place.
Today’s interesting newly registered ransomware-themed domain is:
ransomware-response-team[.]info
Remember, with few exceptions, the sequel is never as good as the original. And the original wasn’t great in the first time place.
Uhhh..no dear, I didn't subscribe to that porn site, the hackers did!
"...stolen credit card data from over 4.3 million cardholders worldwide to set up about 19 million fake online subscriptions to pornography, dating and streaming websites."
via @darynant.bsky.social & @therecordmedia.bsky.social
"...stolen credit card data from over 4.3 million cardholders worldwide to set up about 19 million fake online subscriptions to pornography, dating and streaming websites."
via @darynant.bsky.social & @therecordmedia.bsky.social
Europe police bust global fraud ring that used German payment firms to launder millions
The cross-border investigation led to more than 60 house searches and 18 arrests across Germany, the U.S., Canada, Singapore, Luxembourg, Cyprus, Spain, Italy and the Netherlands.
therecord.media
November 5, 2025 at 8:22 PM
Uhhh..no dear, I didn't subscribe to that porn site, the hackers did!
"...stolen credit card data from over 4.3 million cardholders worldwide to set up about 19 million fake online subscriptions to pornography, dating and streaming websites."
via @darynant.bsky.social & @therecordmedia.bsky.social
"...stolen credit card data from over 4.3 million cardholders worldwide to set up about 19 million fake online subscriptions to pornography, dating and streaming websites."
via @darynant.bsky.social & @therecordmedia.bsky.social
Reposted by Allan “Ransomware Sommelier” Liska
State-backed hackers are for the first time deploying malware that uses large language models during execution, allowing them to dynamically generate malicious scripts and evade detection, according to new research from Google Threat Intelligence Group
therecord.media/new-malware-...
therecord.media/new-malware-...
New malware uses AI to adapt during attacks, report finds
Researchers at Google said Wednesday that they recently observed malware "that employed AI capabilities mid-execution to dynamically alter the malware's behavior."
therecord.media
November 5, 2025 at 2:07 PM
State-backed hackers are for the first time deploying malware that uses large language models during execution, allowing them to dynamically generate malicious scripts and evade detection, according to new research from Google Threat Intelligence Group
therecord.media/new-malware-...
therecord.media/new-malware-...