Allan “Ransomware Sommelier” Liska
ransomwaresommelier.com
@ransomwaresommelier.com
Recorded Future - Ransomware Researcher

Owner @greenarcher.io - Yours Truly, Johnny Dollar | The Press Guardian | The Clock | The Green Archer

Weird mix of security, comics, photography and wine!

www.greenarcher.io
Unfortunately, I am going to be in London, but this discussion of the scam economy with @samsabin.bsky.social in DC looks really good.

thescameconomytechtheft.splashthat.com?lid=12r6xyrq...
thescameconomytechtheft.splashthat.com
November 25, 2025 at 5:01 PM
Reposted by Allan “Ransomware Sommelier” Liska
Welcome to the Top 10 South Korea! 👀 Check Point releases 3rd Quarter ransomware report: Qilin most active; Manufacturing & business services remained the most affected sectors; 85 groups research.checkpoint.com/2025/the-sta... @gate15.bsky.social @ecrime.ch @ransomwaresommelier.com #cybersecurity
The State of Ransomware – Q3 2025 - Check Point Research
Ransomware is more fragmented and less centralized, with a record of 85 separate groups acting while victims remain as high as ever.
research.checkpoint.com
November 25, 2025 at 1:53 PM
Today’s interesting newly registered ransomware-themed domains are interesting for what’s missing:

ransomware-protection-1[.]de
ransomware-protection-52[.]de

What happened to ransomware-protection-2[.]de through ransomware-protection-51[.]de? Why were they left out?
ALT: a man wearing glasses is standing in front of a black background that says " why are you like this "
media.tenor.com
November 25, 2025 at 1:24 PM
We live in a world where there is more and more information, and less and less meaning, Charlie Brown.
They even shot Tommy in the face so his mother couldn't give him an open coffin at the funeral, Charlie Brown.
It's Johnny Cammareri, Charlie Brown.
November 25, 2025 at 2:29 AM
Ohhhh… @lhn.bsky.social are the best episodes of Hoth Takes because her takes are objectively correct, and it drives everyone else nuts!
November 24, 2025 at 4:58 PM
Somehow, I passed 8,000 connections here, which is insane. Thank you all!

Anyway, to I guess…celebrate (?), I am going to give away a bunch of stickers. So, if you follow me, don’t mind DM’ing me your address (US only, sorry) and want some comic and infosec (you’ll get both) stickers, let me know.
November 22, 2025 at 12:01 AM
[Jeremy Clarkson “Oh no…anyway” GIF]

China’s APT31 linked to hacks on Russian tech firms

via @darynant.bsky.social & @therecordmedia.bsky.social
Moscow-based Positive Technologies says a China-linked group tracked as APT31 appears to be responsible for breaches of entities in Russia's tech sector.
therecord.media
November 21, 2025 at 5:37 PM
I honestly had no idea that there was a virtual monopoly on Bitcoin mining hardware.

via @bloomberg.com
Chinese Maker Behind Most of World’s Bitcoin Miners Has Been Focus of US National Security Probe
Investigators have sought to assess whether Bitmain Technologies’ products pose risks of espionage or sabotage, according to people familiar with the matter. The company says they don’t.
www.bloomberg.com
November 21, 2025 at 4:59 PM
I need to find a way to get all my videos blocked in Russia 🤣
Oh no…my video can’t be seen in Russia, whatever will I do 🤣🤣🤣
November 20, 2025 at 5:49 PM
Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission

Via @jgreig.bsky.social & @therecordmedia.bsky.social
A bipartisan congressional duo introduced legislation that would beef up cybersecurity protections at the Securities and Exchange Commission.
therecord.media
November 20, 2025 at 2:05 PM
Thanks to @mattkapko.com for including my comments on Bullet Proof Hosting sanctions in this piece for @cyberscoop.bsky.social
Five Eyes just made life harder for bulletproof hosting providers
An international effort sanctioned Russia-based Media Land and took action against companies and people who helped Aeza Group evade previously issued sanctions.
cyberscoop.com
November 20, 2025 at 1:59 PM
Reposted by Allan “Ransomware Sommelier” Liska
Coveware: The case to not pay Obscura... 'which means the key needed for decryption is lost. These files are permanently unrecoverable.' www.coveware.com/blog/2025/11... #cybersecurity #ransomware @ecrime.ch @campuscodi.risky.biz @gate15.bsky.social @ransomwaresommelier.com @silascutler.bsky.social
Obscura Ransomware: Why Some Data Can’t Be Recovered
Discover how Obscura ransomware corrupts encrypted files beyond recovery, and why technical validation is key to smart ransom response decisions
www.coveware.com
November 20, 2025 at 12:49 PM
It’s rare that we see an actual NEW ransomware family, so it will be interesting to see how this develops.

via @lawrenceabrams.bsky.social & @bleepingcomputer.com
Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters
An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation.
www.bleepingcomputer.com
November 19, 2025 at 5:20 PM
One of the places you can find @greenarcher.io comics before the end of the year is @cyberwarcon.bsky.social!

If you are there tomorrow, stop by, say hi and buy some comics!
Only four more places you can see us in 2025! If you are around, stop by, we'd love to say hi!
November 18, 2025 at 10:22 PM
Great episode of the @gate15.bsky.social Interview with @andyjabbour.bsky.social and EclecticIQ’s CEO Cody Barrow. Especially around the use of AI in security and intelligence.
The Gate 15 Interview EP 64: Cody Barrow, CEO, EclecticIQ. “Nothing in cyber happens without a reason.”
Podcast Episode · The Gate 15 Podcast Channel · 11/17/2025 · 39m
podcasts.apple.com
November 17, 2025 at 11:05 PM
New alert from CISA

Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products
Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products | CISA
www.cisa.gov
November 17, 2025 at 6:46 PM
I do love angry @hankgreen.bsky.social, but he’s right, Wikipedia is an amazing resource that I don’t think could get made today.

And just like they are trying to destroy libraries and universities, the right wing can’t stand that Wikipedia exists and can’t be controlled.
Wikipedia and the Destruction of Trust
YouTube video by Hank Green
youtu.be
November 16, 2025 at 9:30 PM
Dear Russian Hackers,

I promise this is just a fluke, you should feel free to travel to Thailand all you want. Pinky Swear!

allan

via @darynant.bsky.social & @therecordmedia.bsky.social
Suspected Russian hacker reportedly detained in Thailand, faces possible US extradition
Russian news reports and Thai sources said police had detained an alleged Russian hacker on the island of Phuket and transferred him to Bangkok for possible transfer to the U.S.
therecord.media
November 15, 2025 at 2:03 AM
Good for Checkout[.]com

“Last week, we were targeted by a criminal extortion attempt. The attackers gained access to a legacy, third-party cloud file storage system.


We are donating the ransom amount to fund cybercrime research.”
Protecting our Merchants: Standing up to Extortion
Our statement detailing an incident concerning a legacy system. We outline our commitment to transparency, accountability, and planned investment in cyber security research.
www.checkout.com
November 14, 2025 at 8:12 PM
Reposted by Allan “Ransomware Sommelier” Liska
Yep, that also tracks with the data we have (owned by a large cyber insurer). Akira is by far the most active and impactful for our clients. Responsible for most incidents in Q3 for sure.
November 14, 2025 at 7:12 PM
Interesting, LAPSUS$ Scattered Hunters gets all the media attention, but I agree with @mattkapko.com's reporting in @cyberscoop.bsky.social that Akira is among the worst; in fact, LAPSUS$ Scattered Hunters doesn't even crack the top 5.

@mattkapko.com should I do a Casey Kasem inspired Top 10 😂?
FBI calls Akira ‘top five’ ransomware variant out of 130 targeting US businesses
Officials shared indicators of compromise observed as recently as this month to help organizations hunt for and defend against the ransomware group, which has pocketed $244 million as of late Septembe...
cyberscoop.com
November 14, 2025 at 6:21 PM
For some reason the YouTube algorithm thinks I’m poor 🤣🤣🤣.
November 14, 2025 at 3:59 PM