Latest Ransomware News and New File Extensions
Alphalocker:
- New Encrypted File Extension: Not specified.
- Attack Methods: Data exfiltration and public extortion via leak site publications. The group claims to have stolen 90 GB from Integrated Pathology Services and ~200 GB from Gazomet/Cgas.
- Targets: Integrated Pathology Services (Healthcare), Gazomet.pl & Cgas.pl (Energy/Utilities).
- Decryption Status: No decryption information available.
- Source: Reported via threat intelligence feeds.
Dragonforce:
- New Encrypted File Extension: Not specified.
- Attack Methods: Data exfiltration and extortion.
- Targets: Engineered Advantage, an architecture and engineering firm.
- Decryption Status: No decryption information available.
- Source: Reported via threat intelligence feeds.
Multiple Groups (Lynx, Direwolf, Cloak, Killsec, Silentransomgroup, Qilin, Beast):
- New Encrypted File Extension: Not specified in recent reports.
- Attack Methods: Data exfiltration and extortion via leak site announcements.
- Targets: A wide range of industries, including:
  - Lynx: Rose Acre Farms (Agriculture).
  - Direwolf: Purwana Group, Taiwan Flex Electronics (Electronics Manufacturing).
  - Cloak: TuftsMedicine (Healthcare).
  - Killsec: Nathan (Individual/Unknown), GPS Trackit (Technology), Archer Health (Healthcare).
  - Silentransomgroup: Gordon Rees Scully Mansukhani LLP (Legal Services).
  - Qilin: Mechatronics, Inc. USA (Manufacturing).
  - Beast: BinBaires (Gaming/Casino).
- Decryption Status: No decryption information available.
- Source: Reported via threat intelligence feeds.
Observations and Further Recommendations
- Diverse and Widespread Targeting: Ransomware groups continue to attack a broad spectrum of industries, including healthcare, legal services, manufacturing, technology, and agriculture, demonstrating that no sector is immune to these threats.
- Evolving Infiltration Tactics: Attackers are using increasingly sophisticated and unconventional methods to bypass security measures. Recent campaigns involve abusing legitimate services like iCloud Calendar for phishing and embedding malware within SVG image files.
- Human-Centric Infiltration: A significant emerging threat involves attackers posing as legitimate job applicants to get hired by a company (“infiltration by onboarding”). This allows them to gain insider access, bypassing external security controls entirely and highlighting a critical vulnerability in identity and access management processes.
- Recommendations: Organizations must strengthen security beyond conventional defenses. This includes enhancing employee verification during hiring, conducting security awareness training focused on novel phishing vectors (e.g., calendar invites, unusual file types), and implementing robust insider threat monitoring programs.
News Details
- ⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More: Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now.
- You Didn’t Get Phished — You Onboarded the Attacker: When Attackers Get Hired: Today’s New Identity Crisis. What if the star engineer you just hired isn’t actually an employee, but an attacker in disguise? This isn’t phishing; it’s infiltration by onboarding.
- Why basic science deserves our boldest investment: In December 1947, three physicists at Bell Telephone Laboratories—John Bardeen, William Shockley, and Walter Brattain—built a compact electronic device using thin gold wires and a piece of germanium, a material known as a semiconductor. Their invention, later named the transistor, could amplify and switch electrical signals, marking a dramatic departure from the bulky and fragile vacuum tubes that had powered electronics until then.
- Google to make it easier to access AI Mode as default: Google plans to make it easier for users to access AI mode by allowing them to set it as the default, replacing the traditional blue links. […]
- ChatGPT makes Projects feature free, adds a toggle to split chat: ChatGPT’s Projects feature is now free, and a second new feature allows you to create new conversations from existing conversations. […]
- iCloud Calendar abused to send phishing emails from Apple’s servers: iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes. […]
- Czech cyber agency warns against Chinese tech in critical infrastructure: The Czech Republic’s National Cyber and Information Security Agency (NUKIB) is instructing critical infrastructure organizations in the country to avoid using Chinese technology or transferring user data to servers located in China. […]
- VirusTotal finds hidden malware phishing campaign in SVG files: VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia’s judicial system that deliver malware. […]
- OpenAI comes for Hollywood with Critterz, an AI-powered animated film: OpenAI is on a mission to show Hollywood that generative artificial intelligence can deliver results and is throwing its weight behind an animated feature film it hopes will stand toe-to-toe with much costlier productions, according to the Wall Street Journal.
- The influencer in this Vodafone ad isn’t real: I opened TikTok while visiting Germany last week and stumbled across a Vodafone ad being presented by a woman who probably doesn’t exist. The ad includes several “tells” that suggest the presenter was artificially created using generative AI…
- Ford introduces F-150 Lightning STX to replace XLT trim: It hasn’t been the greatest year for the Ford F-150 Lightning, with sales so far this year down nearly 10 percent as compared to last year. In the hopes of boosting interest in the battery-powered truck, Ford today announced a new appearance package called STX…
- Uber and Momenta will test fully driverless cars in Germany: Uber and one of its many robotaxi partners, Momenta, will test fully driverless cars in Germany next year. The news comes as Europe continues to lag behind the US and China in the number of commercially operational robotaxi services.
- Google finally details Gemini usage limits: Until very recently it wasn’t clear what usage limits were placed on Gemini at the various tiers. Thankfully Google has finally updated its Help Center article detailing “Gemini Apps limits & upgrades for Google AI subscribers.”
- GM slows EV production as tax credit nears expiration: General Motors is going to be scaling back production of the Cadillac Lyriq and Vistiq, as well as the Chevy Bolt EV as it expects sales of electric vehicles to slow dramatically. The $7,500 consumer tax credit for purchasing a new EV is set to expire at the end of the month.
- TIFF 2025: Frankenstein, Knives Out 3, and all the biggest movies from Toronto: The Toronto International Film Festival is almost like a preview of the movie slate for the next few months — and this year I’m watching as much as possible to give you all the scoop on what’s ahead.
- Volkswagen rounds out new lineup of affordable EVs with ID. Cross concept: Everyone basically agrees: if you want people to transition from polluting gas guzzlers to electric cars, you have to make them more affordable. The luxury EVs, with their big battery packs and fine leather interiors, are all well and good, but if you really want to move the needle on EV adoption, we need more entry-level options.
- Wake Up Dead Man adds a delightfully dark twist to Knives Out: When director Rian Johnson introduced the new Knives Out film on the third day of TIFF 2025, he exclaimed: “we’re going back to church.”
- Computer chips, with a side of forever chemicals: This is The Stepback, a weekly newsletter breaking down one essential story from the tech world. For more on all things at the intersection of environment and technology, follow Justine Calma.
- 🏴☠️ Alphalocker has just published a new victim : ipathpr.com: Integrated Pathology Services 90 GB data
- 🏴☠️ Alphalocker has just published a new victim : gazomet.pl & cgas.pl: ~200 GB data has been stolen Clients Projects Financial documentation etc.
- 🏴☠️ Dragonforce has just published a new victim : Engineered Advantage: Engineered Advantage, PSC (EA) is an architecture and engineering (A/E) firm dedicated to serving the public and private sector in the areas of architecture, civil engineering, structural engineering, field inspections, and construction management…
- 🏴☠️ Lynx has just published a new victim : rose-acre-farms-inc: www.goodegg.com
- 🏴☠️ Killsec has just published a new victim : Nathan: N/A
- 🏴☠️ Direwolf has just published a new victim : Purwana Group: [AI generated] N/A
- 🏴☠️ Direwolf has just published a new victim : Taiwan Flex Electronics: [AI generated] Taiwan Flex Electronics Corp is a leading technology company based in Taiwan that specializes in producing and selling electronics.
- 🏴☠️ Cloak has just published a new victim : TuftsMedicine: [AI generated] N/A
- 🏴☠️ Killsec has just published a new victim : GPS Trackit: N/A
- 🏴☠️ Killsec has just published a new victim : Archer Health: N/A
- 🏴☠️ Silentransomgroup has just published a new victim : Gordon Rees Scully Mansukhani LLP: Law Firms & Legal Services – California, United States – 2,500 Employees.
- 🏴☠️ Qilin has just published a new victim : Mechatronics: Mechatronics, Inc. USA specializes in providing a wide range of AC, DC, and EC fans and blowers…
- 🏴☠️ Beast has just published a new victim : BinBaires: BinBaires is a company that operates a network of casinos and bingo halls in Argentina…