Ransomware Update – 2025-09-09

[Content by Gemini 2.5]

Latest Ransomware News and New File Extensions

  • Lovesac / Unnamed Ransomware Group:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Details of the cybersecurity incident were not disclosed.
    • Targets: Lovesac, an American furniture brand, and its customers.
    • Decryption Status: Not specified.
    • Source: News Article – “Lovesac confirms data breach after ransomware attack claims”

  • Yurei Ransomware:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration and extortion via victim shaming on their leak site.
    • Targets: Noble Corporation (Indian industrial insulation company) and The Promise Nigeria Ltd (Nigerian fast-food chain).
    • Decryption Status: No known method.
    • Source: Ransomware victim publication – “🏴‍☠️ Yurei has just published a new victim : noblecorp.net”

  • Incransom Ransomware:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration and extortion, claiming to have stolen 1.6 TB of data.
    • Targets: Miesa Group (Spanish engineering and manufacturing firm).
    • Decryption Status: No known method.
    • Source: Ransomware victim publication – “🏴‍☠️ Incransom has just published a new victim : Miesa”

  • Killsec Ransomware:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration and extortion.
    • Targets: AVA Senior Connect and Nathan And Nathan (company details not provided).
    • Decryption Status: No known method.
    • Source: Ransomware victim publication – “🏴‍☠️ Killsec has just published a new victim : AVA Senior Connect”

  • Play Ransomware:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration and extortion.
    • Targets: Energy Fishing, BDE Computer Services, and Promark Partners (all based in the United States).
    • Decryption Status: No known method.
    • Source: Ransomware victim publication – “🏴‍☠️ Play has just published a new victim : Energy Fishing”

  • Akira Ransomware:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration and extortion, claiming theft of employee data, financial records, and confidential agreements.
    • Targets: General Converting (US), RBJ Escrow Software (US), Vardeco (Switzerland), and Keller Laser AG (Switzerland).
    • Decryption Status: No known method.
    • Source: Ransomware victim publication – “🏴‍☠️ Akira has just published a new victim : General Converting”

  • Qilin Ransomware:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration and extortion.
    • Targets: EPLS (French electrical infrastructure company) and Running Aces (US casino and racetrack).
    • Decryption Status: No known method.
    • Source: Ransomware victim publication – “🏴‍☠️ Qilin has just published a new victim : EPLS: Entreprise d’Installations électriques Courant Fort”

  • Alphalocker Ransomware:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration and extortion, claiming theft of between 90 GB and 200 GB of data per victim.
    • Targets: Nubox.com & sumasaas.com, Integrated Pathology Services (ipathpr.com), and Gazomet (gazomet.pl & cgas.pl).
    • Decryption Status: No known method.
    • Source: Ransomware victim publication – “🏴‍☠️ Alphalocker has just published a new victim : nubox.com & sumasaas.com”

Observations and Further Recommendations

  • The provided news is dominated by victim announcements from various ransomware groups, indicating a continued high volume of data exfiltration and “double extortion” attacks.
  • The attacks are geographically diverse and target a wide array of industries, including manufacturing, engineering, retail, finance, hospitality, and critical infrastructure, demonstrating that no sector is immune.
  • The reports lack technical details on attack vectors or specific file extensions, focusing instead on naming victims to apply pressure for payment.
  • Organizations should continue to prioritize comprehensive security measures, including robust, tested backup strategies (with offline copies), multi-factor authentication (MFA) across all services, and regular security awareness training for employees to prevent initial access.

News Details

  • Lovesac confirms data breach after ransomware attack claims: American furniture brand Lovesac is warning that it suffered a data breach impacting an undisclosed number of individuals, stating their personal data was exposed in a cybersecurity incident.
  • 🏴‍☠️ Yurei has just published a new victim : noblecorp.net: Noble Corporation is a leading industrial insulation and materials supply company based in India, renowned for its expertise, innovation, and dedication to quality.
  • 🏴‍☠️ Incransom has just published a new victim : Miesa: Approximately 1.6 TB of data was downloaded. Miesa Group is a COMPANY MADE UP OF 3 FIRMS: Miesa Group specialises in engineering, manufacturing, installation, start-up and maintenance services…
  • 🏴‍☠️ Killsec has just published a new victim : AVA Senior Connect: N/A
  • 🏴‍☠️ Killsec has just published a new victim : Nathan And Nathan: N/A
  • 🏴‍☠️ Play has just published a new victim : Energy Fishing: United States
  • 🏴‍☠️ Play has just published a new victim : BDE Computer Services: United States
  • 🏴‍☠️ Play has just published a new victim : Promark Partners: United States
  • 🏴‍☠️ Medusa has just published a new victim : Rad-Solutions, LLC: Rad-Solutions, LLC is a North American company that specializes in energy curable raw materials, specialty coatings, and innovative products for various industries including graphic arts and cosmetics.
  • 🏴‍☠️ Sinobi has just published a new victim : Melwood: Melwood is a family of companies with a shared vision of a world where people with disabilities are fully included.
  • 🏴‍☠️ Warlock has just published a new victim : okan.ru: finance data
  • 🏴‍☠️ Qilin has just published a new victim : EPLS: Entreprise d’Installations électriques Courant Fort: EPLS, France – the company is engaged in the design and construction of high-voltage and low-voltage systems for a large service sector that includes airports, hospitals, data centers and other critical infrastructure in France.
  • 🏴‍☠️ Qilin has just published a new victim : runaces.com: Finished the game. Running Aces -you’re playing a losing hand.The Running Aces Casino and Racetrack opened in Columbus, Minnesota, in April 2008.
  • 🏴‍☠️ Lynx has just published a new victim : Bounds Gillespie Killebrew Tushek Architects: BGKT Architects a new company has emerged out of a longstanding partnership between Paul Gillespie, in practice since 1977, and Danny Bounds, who joined Paul in 1995 after 14 years with Holiday Inn corporate.
  • 🏴‍☠️ Everest has just published a new victim : Easy Credit: [AI generated] Easy Credit is a financial services company specializing in providing accessible and affordable personal loans to customers.
  • 🏴‍☠️ Alphalocker has just published a new victim : nubox.com & sumasaas.com: 150 GB DATA -Contracts -Projects -Clients -Customers etc
  • 🏴‍☠️ Akira has just published a new victim : General Converting: General Converting, Inc. was founded in 1982… We are going to upload 138 GB of corporate data. Employee personal information (name, DOB and is on), detailed financial data, confidential agreements, lots of customer files, NDAs, etc.
  • 🏴‍☠️ Akira has just published a new victim : RBJ Escrow Software: RBJ Escrow Software leverages 35 years of California escrow experience to provide advanced software solutions for escrow processing, title production, and trust accounting. We are going to upload 20GB of corporate data.
  • 🏴‍☠️ Securotrop has just published a new victim : VRE Systems: Status: PUBLISHED, Size: 174 GB
  • 🏴‍☠️ Dragonforce has just published a new victim : Engineered Advantage: Engineered Advantage, PSC (EA) is an architecture and engineering (A/E) firm dedicated to serving the public and private sector…