Ransomware Update – 2025-09-05

[Content by Gemini 2.5]

Latest Ransomware News and New File Extensions

  • Obscura:

    • New Encrypted File Extension: Not specified in the articles.
    • Attack Methods: Not specified in the articles; attacks focus on data exfiltration for extortion.
    • Targets: Rulmaksan Makina (Consumer Services), The Fixing Company (Construction), HeavenlyDental & Plazadental (Healthcare), WZV Warndt (Water Utility), MeamarGroup (Real Estate).
    • Decryption Status: No known decryption method available.
  • Rhysida:

    • New Encrypted File Extension: Not specified in the articles.
    • Attack Methods: Not specified in the articles; attacks focus on data exfiltration for extortion.
    • Targets: Elite Trailers (Custom trailer manufacturing).
    • Decryption Status: No known decryption method available.
  • Incransom:

    • New Encrypted File Extension: Not specified in the articles.
    • Attack Methods: Not specified in the articles; attacks focus on data exfiltration for extortion.
    • Targets: Monterey Mushrooms (Agriculture), CPH (Architecture/Engineering), Shafer Partners (Law), Omega Bio-tek (Biotechnology), C&H Enterprises (Manufacturing), University of St. Thomas (Education).
    • Decryption Status: No known decryption method available.
  • Qilin:

    • New Encrypted File Extension: Not specified in the articles.
    • Attack Methods: Not specified in the articles; attacks focus on data exfiltration for extortion.
    • Targets: Ekmanian Tax & Accounting (Financial Services), Osaki Medical (Medical Supplies), Rivertown Surgery Center (Healthcare), Flamgard Calidair (Manufacturing), Master System Inc (Software), Musim Mas Group (Palm Oil Corporation).
    • Decryption Status: No known decryption method available.
  • Lynx:

    • New Encrypted File Extension: Not specified in the articles.
    • Attack Methods: Not specified in the articles; attacks focus on data exfiltration for extortion.
    • Targets: A wide range of entities including Six Guns LLC (Construction), Simmons Boardman Publishing (Publishing), FirstLight (Telecommunications), Pesado Construction (Construction), Ona Hotels (Hospitality), Primax Perú (Energy), Volanno (Software), City of Batavia (Government), Metro Technology Centers (Education), and others across various sectors.
    • Decryption Status: No known decryption method available.
  • Akira:

    • New Encrypted File Extension: Not specified in the articles.
    • Attack Methods: Not specified in the articles; attacks focus on data exfiltration and extortion, with threats to leak financial and personal data.
    • Targets: Spokane Produce (Food Distribution), Carus (Environmental Solutions).
    • Decryption Status: No known decryption method available.
  • Other Active Groups:

    • New Encrypted File Extension: Not specified in the articles.
    • Attack Methods: Not specified in the articles; primarily data exfiltration for extortion.
    • Targets: CI Engineering (by Cicada3301), Moore & Van Allen (by Silentransomgroup), UNIDEL Ventures Pvt (by Nova), and victims from the tourism and chemical industries (by Devman).
    • Decryption Status: No known decryption method available for these attacks.

Observations and Further Recommendations

  • Ransomware groups continue to target a diverse array of industries, including manufacturing, healthcare, professional services, education, and public sector organizations, indicating that no sector is immune.
  • The primary tactic observed is double extortion, where attackers exfiltrate sensitive data before encryption and threaten to publish it on their leak sites to pressure victims into paying the ransom.
  • Groups like Lynx and Incransom have been particularly active, announcing a high volume of victims in a short period.
  • Organizations should prioritize robust cybersecurity measures, including regular data backups (stored offline and restore-tested), multi-factor authentication (MFA) on every remote-access and administrative path, timely patching of internet-facing systems and edge devices, and employee security awareness training, so that the common initial access vectors (phishing, credential abuse against exposed remote access, and unpatched internet-facing software) are closed off before data can be exfiltrated.

News Details

  • SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild: A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The flaw, tracked as CVE-2025-42957 (CVSS score: 9.9), is an ABAP code injection reachable by a low-privileged authenticated user over an RFC-exposed function module; it was fixed by SAP in its August 2025 monthly security updates, so systems that have not applied that patch remain exposed.
  • Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries: The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries.
  • GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module: Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam.
  • Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions: Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X’s malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.
  • CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday (September 3) added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild. A KEV listing carries a remediation due date for U.S. federal agencies and is a useful triage signal for everyone else: any TP-Link router in inventory matching these entries should be patched or retired.
  • Hackers exploited Sitecore zero-day flaw to deploy backdoors: Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw is an ASP.NET ViewState deserialization issue affecting installations that still use the sample machine key published in older Sitecore deployment guides; rotating that key to a unique value removes the attacker's ability to forge signed ViewState payloads.
  • Tire giant Bridgestone confirms cyberattack impacts manufacturing: Car tire giant Bridgestone confirms it is investigating a cyberattack that impacts the operation of some manufacturing facilities in North America.
  • 🏴‍☠️ Obscura has just published a new victim : Rulmaksan Makina: Rulmaksan Makina is a company that operates in the Consumer Services industry.
  • 🏴‍☠️ Rhysida has just published a new victim : Elite Trailers: Elite Trailers Elite Trailer MFG, LLC. specializes in the custom manufacturing of high-quality trailers, including horse, livestock, and specialty models.
  • 🏴‍☠️ Incransom has just published a new victim : Monterey Mushrooms, LLC: Monterey Mushrooms, Inc. was initially established in 1971 as a single farm operation in Royal Oaks, California. Today, this multi-site business is headquartered in Watsonville, California…
  • 🏴‍☠️ Qilin has just published a new victim : Ekmanian Tax & Accounting: Ekmanian Tax & Accounting, USA – scandal immediately after M&A. The company is a law firm that provides tax accounting services and bookkeeping for people and companies.
  • 🏴‍☠️ Akira has just published a new victim : Spokane Produce: Spokane Produce, Inc. is a family-owned business established in the 1940s, specializing in the distribution of high-quality fresh produce… We are ready to upload more than 74GB of files of essential corporate documents.
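The KEV item above is the one in this digest that maps directly onto a routine a defender can run: pull CISA's catalog, reconcile it against an asset inventory, and flag anything past its due date. The following script is an added example written for this page, not code from CISA or from any of the cited articles. The KEV JSON embedded in it is a constructed sample in the shape of the real feed (the real feed lives at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json); it uses the two TP-Link CVE IDs named in the digest, but the dates, descriptions and the asset inventory are illustrative placeholders, and the matching rule (normalized vendor equality plus product substring) is this example's own heuristic.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV feed. Field names follow the real
# schema; the dates and descriptions are placeholders, not copied from the catalog.
SAMPLE_KEV_JSON = """
{
  "title": "Known Exploited Vulnerabilities (constructed sample)",
  "catalogVersion": "2025.09.05",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2023-50224",
      "vendorProject": "TP-Link",
      "product": "TL-WR841N",
      "dateAdded": "2025-09-03",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product.",
      "dueDate": "2025-09-24",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-2025-9377",
      "vendorProject": "TP-Link",
      "product": "Archer C7(EU) and TL-WR841N/ND(MS)",
      "dateAdded": "2025-09-03",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product.",
      "dueDate": "2025-09-24",
      "knownRansomwareCampaignUse": "Unknown"
    }
  ]
}
"""

# Constructed asset inventory (hypothetical hostnames). Vendor/product strings are
# deliberately inconsistent in case and punctuation to exercise the normalizer.
INVENTORY = [
    {"asset": "branch-router-01", "vendor": "tp-link", "product": "TL-WR841N"},
    {"asset": "guest-wifi-ap",    "vendor": "TP-Link", "product": "Archer C7"},
    {"asset": "erp-prod-01",      "vendor": "SAP",     "product": "S/4HANA"},
]


def load_kev(text):
    """Parse a KEV feed document and return its vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def is_listed(entries, cve_id):
    """True if the given CVE ID appears in the catalog entries."""
    return any(e["cveID"].upper() == cve_id.upper() for e in entries)


def _norm(s):
    # KEV vendor/product fields are free text; compare on alphanumerics only so
    # "tp-link" == "TP-Link" and "TL-WR841N" is found inside "TL-WR841N/ND(MS)".
    return "".join(ch for ch in s.lower() if ch.isalnum())


def match_inventory(entries, inventory):
    """Reconcile inventory rows against KEV entries.

    Match rule (heuristic, this example's own): normalized vendor must be equal,
    and the normalized inventory product must be a substring of the KEV product
    string. Substring matching can over-match (e.g. a short model name inside a
    longer one), so treat the output as a triage list, not a confirmed finding.
    """
    findings = []
    for asset in inventory:
        for e in entries:
            if _norm(asset["vendor"]) != _norm(e["vendorProject"]):
                continue
            if _norm(asset["product"]) not in _norm(e["product"]):
                continue
            findings.append({
                "asset": asset["asset"],
                "cveID": e["cveID"],
                "dueDate": e["dueDate"],
                "ransomwareUse": e.get("knownRansomwareCampaignUse", "Unknown"),
                "requiredAction": e["requiredAction"],
            })
    return findings


def overdue_as_of(findings, today_iso):
    """Return findings whose KEV due date is strictly before today (ISO date)."""
    today = date.fromisoformat(today_iso)
    return [f for f in findings if date.fromisoformat(f["dueDate"]) < today]


if __name__ == "__main__":
    entries = load_kev(SAMPLE_KEV_JSON)
    findings = match_inventory(entries, INVENTORY)
    for f in findings:
        print(f"{f['asset']}: {f['cveID']} due {f['dueDate']} "
              f"(ransomware use: {f['ransomwareUse']})")
    late = overdue_as_of(findings, "2025-09-25")
    print(f"{len(findings)} matches, {len(late)} overdue as of 2025-09-25")
```

In production, replace SAMPLE_KEV_JSON with the downloaded feed and INVENTORY with an export from the CMDB or network scanner; the normalizer is intentionally loose because KEV product strings such as "Archer C7(EU) and TL-WR841N/ND(MS)" name several models in one field, so a reviewer should confirm each match before opening a ticket.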