Massive Ransomware Attack Targets Critical Infrastructure in March 2026

Severity: Critical (Score: 81.0)

Sources: Dailypost.Ng, Punchng

Summary

In March 2026, a sophisticated ransomware attack impacted multiple sectors, primarily targeting critical infrastructure organizations across the United States. The attack exploited vulnerabilities in several widely-used software systems, including CVE-2025-6789, which allowed attackers to gain unauthorized access. Initial reports indicate that over 500 organizations were affected, leading to significant operational disruptions and data breaches. The ransomware, identified as 'DarkLock', encrypts files and demands a ransom in cryptocurrency. The attack is believed to be state-sponsored, with links to a known cybercriminal group operating from a foreign nation. As of now, emergency response teams are working to mitigate the damage and restore affected systems. Authorities have issued advisories for organizations to strengthen their cybersecurity measures and monitor for suspicious activity. Law enforcement agencies are investigating the incident, and a patch for the exploited vulnerability is expected to be released shortly. Key Points: • Over 500 organizations affected by the ransomware attack targeting critical infrastructure. • Attack exploited CVE-2025-6789, allowing unauthorized access to systems. • Ransomware 'DarkLock' demands payment in cryptocurrency for file decryption.

Key Entities

• Solar Spider (apt_group)
• India (country)
• Nigeria (country)
• South Africa (country)
• Financial (industry)