Russian Ransomware Suspect Freed in Prisoner Exchange with France A 26-year-old Russian basketball player, Daniil Kasatkin, was released in a high-profile prisoner swap between Russia and France. Kasatkin, accused of involvement in a major ransomware operation, was freed after being held in French custody since his June arrest at Paris’s Charles de Gaulle Airport. U.S. prosecutors had sought Kasatkin’s extradition, alleging he served as a negotiator for an unnamed ransomware gang that targeted approximately 900 organizations between 2020 and 2022. The charges included conspiracy to commit computer fraud. While the gang was not officially identified, authorities linked the attacks to the now-defunct Conti ransomware group, which the U.S. Justice Department previously confirmed had victimized over 900 entities globally. In exchange for Kasatkin’s release, France secured the return of Laurent Vinatier, a French researcher sentenced to three years in prison under Russia’s "foreign agent" laws. The swap was confirmed by Russian state media, which shared footage of Kasatkin disembarking from a plane following the exchange. The case underscores the intersection of cybercrime, international law, and geopolitical negotiations.

Qakbot Resurfaces with Stealthier Tactics After FBI Takedown In August 2023, the FBI and international partners dismantled Qakbot (also known as Qbot), a notorious malware operation linked to over 700,000 global infections—including 200,000 in the U.S.—and $58 million in ransomware losses. Dubbed "Operation Duck Hunt," the crackdown seized 52 servers and $8.6 million in cryptocurrency, marking one of the Justice Department’s most significant botnet takedowns. However, the victory was short-lived. By November 2023, Qakbot resurfaced with a more deceptive strategy. Instead of traditional phishing, the group—allegedly led by Russian national Rustam Rafailevich Gallyamov—adopted "spam bomb attacks." These floods of unwanted subscription emails overwhelmed employees, after which attackers posed as IT staff, tricking victims into executing malicious code. Once inside, the malware enabled data theft, encryption, and ransomware deployment, often in collaboration with groups like REvil, Black Basta, and Conti. In April 2025, authorities seized an additional $700,000 and 30 bitcoins tied to Gallyamov, but he remains at large in Russia, beyond U.S. jurisdiction. The case underscores the resilience of cybercriminal operations, even after high-profile disruptions. Qakbot’s evolution highlights the persistent threat of malware-as-a-service models, where attackers continuously adapt to evade law enforcement.

German multinational automotive group Continental was targeted in a ransomware attack recently by the LockBit ransomware gang. LockBit also stole a total of 55 million files from Continental's systems and threatened to publish it on their data leak site if the company doesn't give in to their demands within the next 22 hours. The data was put up for sale on the dark web, a kind of clandestine Internet accessible via specific software and which escapes all regulation and the amount of loot was 50 million dollars.

On August 15, 2023, the Vermont Office of the Attorney General reported a data breach at Continental Automotive Systems, Inc., which occurred between July 4, 2022, and August 5, 2022. The breach involved unauthorized access to IT systems, potentially affecting personal data including identity data, account and bank data, health data, and insurance data. The number of affected individuals is unknown.