Allan “Ransomware Sommelier” Liska
@ransomwaresommelier.com
Recorded Future - Ransomware Researcher
Owner @greenarcher.io - Yours Truly, Johnny Dollar | The Press Guardian | The Clock | The Green Archer
Weird mix of security, comics, photography and wine!
www.greenarcher.io
Owner @greenarcher.io - Yours Truly, Johnny Dollar | The Press Guardian | The Clock | The Green Archer
Weird mix of security, comics, photography and wine!
www.greenarcher.io
Reposted by Allan “Ransomware Sommelier” Liska
Group-IB researchers have spotted a ransomware strain (named DeadLock) abusing blockchain smart contracts for its operations.
The technique has been used before by APT crews and other cybercrime ops, such as crypto miners and infostealers.
www.group-ib.com/blog/deadloc...
The technique has been used before by APT crews and other cybercrime ops, such as crypto miners and infostealers.
www.group-ib.com/blog/deadloc...
www.group-ib.com
January 15, 2026 at 10:58 AM
Group-IB researchers have spotted a ransomware strain (named DeadLock) abusing blockchain smart contracts for its operations.
The technique has been used before by APT crews and other cybercrime ops, such as crypto miners and infostealers.
www.group-ib.com/blog/deadloc...
The technique has been used before by APT crews and other cybercrime ops, such as crypto miners and infostealers.
www.group-ib.com/blog/deadloc...
Cyberattack forces Belgian hospital to transfer critical care patients
Via @alexmartin.bsky.social & @therecordmedia.bsky.social
Via @alexmartin.bsky.social & @therecordmedia.bsky.social
Cyberattack forces Belgian hospital to transfer critical care patients
The AZ Monica hospital system in Antwerp reported a cyberattack that required the assistance of the Red Cross to send several patients to other facilities.
therecord.media
January 14, 2026 at 7:10 PM
Cyberattack forces Belgian hospital to transfer critical care patients
Via @alexmartin.bsky.social & @therecordmedia.bsky.social
Via @alexmartin.bsky.social & @therecordmedia.bsky.social
More than a billion dollars…
More than 40 countries impacted by North Korea IT worker scams, crypto thefts
Via @jgreig.bsky.social (who just hangs out at the UN now 🤩) & @therecordmedia.bsky.social
More than 40 countries impacted by North Korea IT worker scams, crypto thefts
Via @jgreig.bsky.social (who just hangs out at the UN now 🤩) & @therecordmedia.bsky.social
More than 40 countries impacted by North Korea IT worker scams, crypto thefts
Eleven countries led a session at the UN headquarters in New York centered around a 140-page report released last fall that covered North Korea’s extensive cyber-focused efforts to fund its nuclear an...
therecord.media
January 13, 2026 at 11:01 PM
More than a billion dollars…
More than 40 countries impacted by North Korea IT worker scams, crypto thefts
Via @jgreig.bsky.social (who just hangs out at the UN now 🤩) & @therecordmedia.bsky.social
More than 40 countries impacted by North Korea IT worker scams, crypto thefts
Via @jgreig.bsky.social (who just hangs out at the UN now 🤩) & @therecordmedia.bsky.social
I love Mike Tomlin, he has been an incredible coach for The Steelers. And I know people love to mock his “never had a losing season” record, but so few coaches can say that.
I’m glad he got to step down on his own terms and can’t wait to see what he does next.
I’m glad he got to step down on his own terms and can’t wait to see what he does next.
January 13, 2026 at 7:28 PM
I love Mike Tomlin, he has been an incredible coach for The Steelers. And I know people love to mock his “never had a losing season” record, but so few coaches can say that.
I’m glad he got to step down on his own terms and can’t wait to see what he does next.
I’m glad he got to step down on his own terms and can’t wait to see what he does next.
ClickFix attacks are increasingly devious, dangerous, and can hack you in an instant
via @zackwhittaker.com
via @zackwhittaker.com
ClickFix attacks are increasingly devious, dangerous, and can hack you in an instant
These attacks spoof Windows errors, CAPTCHAs, and real login pages to trick victims into hacking themselves with malware that skirts common cyber defenses.
this.weekinsecurity.com
January 13, 2026 at 3:43 AM
ClickFix attacks are increasingly devious, dangerous, and can hack you in an instant
via @zackwhittaker.com
via @zackwhittaker.com
Hopefully, if you are a good egg posting on Breach Forums you are using proper OPSEC and if you are a bad egg, you aren’t.
BreachForums hacking forum database leaked, exposing 324,000 accounts
The latest incarnation of the notorious BreachForums hacking forum has suffered a data breach, with its user database table leaked online.
www.bleepingcomputer.com
January 11, 2026 at 2:22 PM
Hopefully, if you are a good egg posting on Breach Forums you are using proper OPSEC and if you are a bad egg, you aren’t.
A great way to end this Friday is to back this amazing comic that deals with disinformation, press freedom and the impact social media has on both of these.
There’s also a lot of Nazi punching!
We appreciate your support!
There’s also a lot of Nazi punching!
We appreciate your support!
Thanks to all of you amazing people, the final chapter of The Press Guardian was fully funded in less than 6 hours!
Back this project to see amazing internal art from @tiffkath.bsky.social, @takojiyt.bsky.social and others!
Support great artists, back the project today.
Back this project to see amazing internal art from @tiffkath.bsky.social, @takojiyt.bsky.social and others!
Support great artists, back the project today.
The Press Guardian: The Final Chapter
A badass, press freedom defending, Nazi-punching redhead. Perri Chase takes on big tech, Russians, Nazis and her own Government!
www.kickstarter.com
January 9, 2026 at 6:36 PM
A great way to end this Friday is to back this amazing comic that deals with disinformation, press freedom and the impact social media has on both of these.
There’s also a lot of Nazi punching!
We appreciate your support!
There’s also a lot of Nazi punching!
We appreciate your support!
One the left most my travels from lest year (I got the suitcase in March). Rule is, only one sticker per city.
On the right, my first sticker from this year. Looking forward to filling this side up as well.
On the right, my first sticker from this year. Looking forward to filling this side up as well.
January 9, 2026 at 5:51 PM
One the left most my travels from lest year (I got the suitcase in March). Rule is, only one sticker per city.
On the right, my first sticker from this year. Looking forward to filling this side up as well.
On the right, my first sticker from this year. Looking forward to filling this side up as well.
Reposted by Allan “Ransomware Sommelier” Liska
It's finally Friday, so before you stop working for the week, check out today's Metacurity for the most crucial cybersecurity developments you should know, including
--Trump cuts off US access to organizations seeking to strengthen cybersecurity, 1/5
www.metacurity.com/trump-ends-u...
--Trump cuts off US access to organizations seeking to strengthen cybersecurity, 1/5
www.metacurity.com/trump-ends-u...
Trump ends US participation in organizations devoted to stronger cybersecurity
Prisoner swap sends alleged ransomware payment negotiator back to Russia, CISA retires ten emergency directives at once, Cambodian cybercrime kingpin extradited to China, Fugitive wanted for Desjardin...
www.metacurity.com
January 9, 2026 at 3:25 PM
It's finally Friday, so before you stop working for the week, check out today's Metacurity for the most crucial cybersecurity developments you should know, including
--Trump cuts off US access to organizations seeking to strengthen cybersecurity, 1/5
www.metacurity.com/trump-ends-u...
--Trump cuts off US access to organizations seeking to strengthen cybersecurity, 1/5
www.metacurity.com/trump-ends-u...
This is a little on the nose, scammer.
January 8, 2026 at 6:04 PM
This is a little on the nose, scammer.
Spanish airline Iberia attributes recent data breach claims to November incident
via @jgreig.bsky.social & @therecordmedia.bsky.social
via @jgreig.bsky.social & @therecordmedia.bsky.social
Spanish airline Iberia attributes recent data breach claims to November incident
A spokesperson said the information relates to an incident that came to light in November, when a threat actor demanded $150,000 for allegedly stolen data.
therecord.media
January 8, 2026 at 4:01 PM
Spanish airline Iberia attributes recent data breach claims to November incident
via @jgreig.bsky.social & @therecordmedia.bsky.social
via @jgreig.bsky.social & @therecordmedia.bsky.social
😢❤️🩹
US announces withdrawal from dozens of international treaties
via @alexmartin.bsky.social & @therecordmedia.bsky.social
US announces withdrawal from dozens of international treaties
via @alexmartin.bsky.social & @therecordmedia.bsky.social
US announces withdrawal from dozens of international treaties
Although the list does not include what are perceived to be the more consequential multilateral bodies shaping global cyber governance and state behaviour in cyberspace, some of the organizations play...
therecord.media
January 8, 2026 at 1:50 PM
😢❤️🩹
US announces withdrawal from dozens of international treaties
via @alexmartin.bsky.social & @therecordmedia.bsky.social
US announces withdrawal from dozens of international treaties
via @alexmartin.bsky.social & @therecordmedia.bsky.social
Question: Is it a faux pas to drink a Diet Coke with Santa on it after January 1st?
January 7, 2026 at 7:44 PM
Question: Is it a faux pas to drink a Diet Coke with Santa on it after January 1st?
Fascinating read from @alexmartin.bsky.social about the British government’s admitted failures in cybersecurity policy. And what they are doing to try to fix it.
via @therecordmedia.bsky.social
via @therecordmedia.bsky.social
UK government admits years of cyber policy have failed, announces reset
The current system of accountability has left much of the British government vulnerable to cyberattacks, according to a new Government Cyber Action Plan, with responsibilities for risk “unclear at all...
therecord.media
January 7, 2026 at 6:22 PM
Fascinating read from @alexmartin.bsky.social about the British government’s admitted failures in cybersecurity policy. And what they are doing to try to fix it.
via @therecordmedia.bsky.social
via @therecordmedia.bsky.social
Can’t wait!
Yeah, that was an interesting item you highlighted. Did I bump planned topics to speak about this on the @gate15.bsky.social Security Sprint today? Yes, ofc. Did @dpounder.bsky.social discuss @kattenbarge.bsky.social new @wired.com article on AI impersonation? Yes, ofc. Just recorded, out soon!
January 6, 2026 at 1:36 PM
Can’t wait!
Thank you!
I’m particularly fascinated by the use of gig workers to fill in the gaps when a cyber operation fails.
I’m particularly fascinated by the use of gig workers to fill in the gaps when a cyber operation fails.
New! From @ransomwaresommelier.com: New ransomware tactics to watch out for in 2026. Observations, emerging trends and one BIG BOLD prediction about the #ransomware threat environment in 2026. 👀 Good work, Allan! www.recordedfuture.com/blog/ransomw... @gate15.bsky.social @ecrime.ch #cybersecurity
New ransomware tactics to watch out for in 2026
Ransomware groups made less money in 2025 despite a 47% increase in attacks, driving new tactics: bundled DDoS services, insider recruitment, and gig worker exploitation. Learn the emerging trends def...
www.recordedfuture.com
January 6, 2026 at 1:32 PM
Thank you!
I’m particularly fascinated by the use of gig workers to fill in the gaps when a cyber operation fails.
I’m particularly fascinated by the use of gig workers to fill in the gaps when a cyber operation fails.
The final @kickstarter.com campaign for our Press Guardian series is live and we'd love your support! We're already at 95% of our goal YOU can put us over the top!
If you'd like a story about a badass redhead defending press freedom, fighting disinformation, and punching nazis, this is for you!
If you'd like a story about a badass redhead defending press freedom, fighting disinformation, and punching nazis, this is for you!
January 5, 2026 at 6:41 PM
The final @kickstarter.com campaign for our Press Guardian series is live and we'd love your support! We're already at 95% of our goal YOU can put us over the top!
If you'd like a story about a badass redhead defending press freedom, fighting disinformation, and punching nazis, this is for you!
If you'd like a story about a badass redhead defending press freedom, fighting disinformation, and punching nazis, this is for you!
Sedgwick confirms cyber incident affecting its major federal contractor subsidiary
via @jgreig.bsky.social & @therecordmedia.bsky.social
via @jgreig.bsky.social & @therecordmedia.bsky.social
Sedgwick confirms cyber incident affecting its major federal contractor subsidiary
The claims administration company Sedgwick confirmed that a subsidiary that contracts with a handful of sensitive federal agencies is dealing with a cybersecurity incident.
therecord.media
January 5, 2026 at 2:47 PM
Sedgwick confirms cyber incident affecting its major federal contractor subsidiary
via @jgreig.bsky.social & @therecordmedia.bsky.social
via @jgreig.bsky.social & @therecordmedia.bsky.social
What. The. Fuck?
U.S. Captures Venezuela’s Maduro After ‘Large-Scale Strike’ — The Wall Street Journal
A U.S. military operation was carried out in Venezuela after months of pressure on the Latin American country's president
apple.news
January 3, 2026 at 1:44 PM
What. The. Fuck?
This quote from The Net definitely predicted the moral panic of today:
No one leaves the house anymore. No one has sex. The Net is ultimate condom.
No one leaves the house anymore. No one has sex. The Net is ultimate condom.
Fun THE NET fact: It came out just before HACKERS.
In 1995, Sandra Bullock was the first person ever to buy movie theater tickets online, in promotion for her new film THE NET.
January 3, 2026 at 1:52 AM
This quote from The Net definitely predicted the moral panic of today:
No one leaves the house anymore. No one has sex. The Net is ultimate condom.
No one leaves the house anymore. No one has sex. The Net is ultimate condom.
Question: Is everyone who shops at Wegman’s a jagoff, or just the people who shop at Wegmen’s in Ashburn?
@andyjabbour.bsky.social what do you say?
@andyjabbour.bsky.social what do you say?
a man in a yellow shirt is dancing in front of a crowd and the words jaggin off are visible
ALT: a man in a yellow shirt is dancing in front of a crowd and the words jaggin off are visible
media.tenor.com
December 31, 2025 at 8:19 PM
Question: Is everyone who shops at Wegman’s a jagoff, or just the people who shop at Wegmen’s in Ashburn?
@andyjabbour.bsky.social what do you say?
@andyjabbour.bsky.social what do you say?
Got a wonderful surprise from Canada today!
Thank you @caffeineislife.bsky.social for the lovely gifts!
Thank you @caffeineislife.bsky.social for the lovely gifts!
December 30, 2025 at 9:31 PM
Got a wonderful surprise from Canada today!
Thank you @caffeineislife.bsky.social for the lovely gifts!
Thank you @caffeineislife.bsky.social for the lovely gifts!
Reposted by Allan “Ransomware Sommelier” Liska
This story has been developing for a while. New from the DOJ: Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware www.justice.gov/opa/pr/two-a... @gate15.bsky.social @ecrime.ch @campuscodi.risky.biz @ransomwaresommelier.com #cybersecurity #ransomware
Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware
Yesterday a federal district court in the Southern District of Florida accepted the guilty pleas of two men to conspiring to obstruct, delay or affect commerce through extortion in connection with ran...
www.justice.gov
December 30, 2025 at 3:06 PM
This story has been developing for a while. New from the DOJ: Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware www.justice.gov/opa/pr/two-a... @gate15.bsky.social @ecrime.ch @campuscodi.risky.biz @ransomwaresommelier.com #cybersecurity #ransomware