By AFP
October 18, 2025

A US judge on Friday granted an injunction barring Israeli spyware maker NSO Group from targeting WhatsApp users but slashed a $168 million damages award at trial to just $4 million.
District Judge Phyllis Hamilton ruled that NSO Group’s behavior fell short of a “particularly egregious” standard needed to support the jury’s calculations on a financial penalty.
But in the ruling, seen by AFP, she said the court “concluded that defendants’ conduct causes irreparable harm, and there being no dispute that the conduct is ongoing,” and granted WhatsApp owner Meta an injunction to stop NSO Group’s snooping tactics at the messaging service.
Evidence at trial showed that NSO Group reverse-engineered WhatsApp code to stealthily install spyware targeting users, according to the ruling, which called such access to user data “unlawful.”
The spyware was repeatedly redesigned to escape detection and bypass security fixes at WhatsApp, the court concluded.
The lawsuit, filed in late 2019, accused NSO Group of cyberespionage targeting journalists, lawyers, human rights activists and others using the encrypted messaging service.
Hamilton ruled, however, that the $168 million damages verdict awarded to Meta earlier this year was excessive.
“There have simply not yet been enough cases involving unlawful electronic surveillance in the smartphone era for the court to be able to conclude that defendants’ conduct was ‘particularly egregious’,” Hamilton wrote in the ruling which was seen by AFP.
“As time goes on, more of a shared societal consensus may emerge about the acceptability of defendants’ conduct.”
Founded in 2010 by Israelis Shalev Hulio and Omri Lavie, NSO Group is based in the seaside high-tech hub of Herzliya, near Tel Aviv.
Media website TechCrunch reported Friday that a US investment group has acquired a controlling interest in NSO Group.
The Israeli firm produces Pegasus, a highly invasive tool that can reportedly switch on a target’s cell phone camera and microphone and access data on it, effectively turning the phone into a pocket spy.
The suit filed in a California federal court contended that NSO tried to infect approximately 1,400 “target devices” with malicious software to steal valuable information.
Infecting smartphones or other gadgets being used for WhatsApp messages meant the content of messages encrypted during transmission could be accessed after they were unscrambled.
The complaint said the attackers “developed a program to enable them to emulate legitimate WhatsApp network traffic in order to transmit malicious code” to take over the devices.
The software has been pinpointed by independent experts as being used by nation states, some of them with poor human rights records.
NSO Group has maintained it only licenses its software to governments for fighting crime and terrorism.
By Dr. Tim Sandle
SCIENCE EDITOR

Ransomware incidents continued to grow in Q3 2025. As a result, the total number of ransomware cases in 2025 is up by 47% so far compared to last year. These findings come from NordStellar, a threat exposure management platform. The data has been shared with Digital Journal.
Between January and September 2025, 6,330 ransomware cases were exposed on the dark web. A focused look reveals that between July and September 2025, 1,943 ransomware cases were exposed on the dark web, a 31% increase compared to the same period in 2024.
“So far this year’s results are highlighting a worrying trend — the number of ransomware cases continues to grow steadily,” Vakaris Noreika, cybersecurity expert at NordStellar, tells Digital Journal.
“The majority of the growth we’re witnessing right now is most likely a direct result of the increase in ransomware-as-a-service (RaaS) that allows cybercriminals to scale their attacks and has lowered the entry barrier for bad actors. Another key factor is the significant increase in the number of active ransomware groups, which has reached an all-time high.”
Noreika explains that the number of active ransomware groups has been consistently increasing over the past five years. In September alone, NordStellar traced the ransomware incidents back to 66 different groups.
Prime targets in Q3 2025
In July-September 2025, 1,943 ransomware cases were exposed on the dark web, a 31% increase compared to the same period in 2024 (1,484 cases). US businesses were the most targeted, accounting for 54% of the 1,274 cases that could be traced to specific victim countries. Canada holds the second spot with 62 incidents, followed closely by Germany (60), the United Kingdom (54), and France (35).
“The findings mirror the results we have been seeing all year,” explains Noreika. “The US is home to numerous profitable public businesses, and this, coupled with strict regulations, makes them an attractive target for cybercriminals. Their potential for high profitability, combined with a higher likelihood of meeting ransomware demands to resolve incidents quickly, increases the chances of success for attackers.”
Ransomware data from July to September 2025 revealed that the manufacturing industry was the most affected by ransomware, with 245 cases, mirroring the results of the previous quarters. It was followed by professional, scientific, and technical services (107), information technology (103), construction (91), and financial services (69).
“Companies operating in the manufacturing industry experience high operational downtime costs, making them more inclined to give in to ransomware demands to resolve the incident as soon as possible. They also often rely on outdated or unpatched software and systems and are more likely to experience supply chain vulnerabilities due to reliance on third-party vendors, partners, and logistics providers,” Noreika adds.
He explains that companies operating in the professional, scientific, and technical services industry often work with confidential customer data, intellectual property, and critical business tools, making them an attractive target for ransomware actors. According to Noreika, businesses in the information technology industry are targeted because they handle large volumes of valuable data and are key components of the supply chain. This means that attacking them can spread ransomware to multiple businesses simultaneously.
Small and medium-sized businesses (SMBs) were the most affected. The data revealed that organizations with up to 200 employees and revenues of up to $25 million experienced the most attacks.
“As in the first half of 2025, SMBs continue to remain the primary targets for ransomware. Ransomware actors usually perceive smaller businesses as lower-risk targets because they might lack a sophisticated IT infrastructure, operate on low cybersecurity budgets, and not have the means to investigate or report attacks to authorities,” says Noreika.
He adds that companies with smaller revenues may also be more likely to meet attackers’ demands, since the cost of downtime, data loss, or reputational damage from a full-blown ransomware attack could devastate the business financially. As a result, many of them could view paying the ransom as the only option, making them targets with a higher likelihood of success for ransomware attackers.
















