:

SPIRALS RANSOMWARE ENCRYPTS NETWORKS IN UNDER 24 HOURS

SECURITY DESK2 MIN READ
THU, JUL 16, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

A new ransomware group called Spirals has demonstrated rapid attack capabilities, completing full network encryption within a single day. The threat actor moved from initial access through data theft to encryption faster than most ransomware operations.

Spirals represents an emerging threat in the ransomware landscape due to its speed of execution. Security researchers tracking the group observed a complete corporate intrusion cycle—initial network access, data exfiltration, and full encryption deployment—accomplished in less than 24 hours. This timeline compresses what typically takes ransomware operations days or weeks to execute. Traditional ransomware campaigns often allow victims multiple days to detect suspicious activity before encryption begins. Spirals' accelerated approach significantly reduces the window for detection and response. The group's speed suggests either advanced automation in their attack chain or highly experienced operators. Either capability presents a substantial risk to targeted organizations. Faster encryption deployment means less time for IT teams to isolate infected systems or restore from backups before critical data becomes inaccessible. Spiritals' tactics align with evolving ransomware trends. Most modern variants combine encryption with data theft, allowing attackers to demand payment twice—once for decryption and again for not releasing stolen data publicly. The group appears to follow this model. Organizations face mounting pressure to strengthen detection and response capabilities. Standard security measures may prove insufficient against attackers operating on such compressed timelines. Immediate isolation protocols, real-time monitoring of lateral movement, and rapid backup restoration become critical defensive requirements. No details have emerged regarding specific industries or organizations targeted by Spirals. Security researchers continue monitoring the group's activities for additional incidents and tactical information. The emergence of speed-focused ransomware operators underscores the need for organizations to prioritize incident response planning and network segmentation. Backup systems isolated from primary networks remain essential, given the rapid encryption timelines demonstrated by new threat actors like Spirals.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Two members of the Scattered Spider cybercrime collective have been sentenced to five years and six months in prison each for a 2024 cyberattack that disrupted Transport for London.

JUST NOWAI Desk

Russian threat actor UAT-11795 is distributing trojanized versions of popular video conferencing apps to deploy Starland, a new backdoor capable of stealing credentials and cryptocurrency.

2H AGOSecurity Desk

The Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring federal agencies to patch a critical Oracle E-Business Suite vulnerability by Saturday. The flaw is currently being exploited in active attacks.

2H AGOSecurity Desk

xAI has filed a lawsuit against a user who allegedly used Grok to generate nonconsensual sexualized images of both adults and children.

4H AGOAI Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.