Ransomware Update – 2025-10-04

[Content by Gemini 2.5]

Latest Ransomware News and New File Extensions

  • ShinyHunters Extortion Group:

    • New Encrypted File Extension: Not applicable (extortion based on data theft).
    • Attack Methods: Breaching companies via their Salesforce instances, exfiltrating data, and then extorting the victims through a dedicated data leak site. The group has threatened to publish stolen data if its demands are not met.
    • Targets: A large number of high-profile companies, including Toyota, IKEA, Chanel, Cisco, Marriott, Home Depot, UPS, FedEx, Disney/Hulu, and TransUnion.
    • Decryption Status: Not applicable, as the primary method is data exfiltration and extortion, not encryption.
    • Source: ShinyHunters launches Salesforce data leak site to extort 39 victims; Scattered Lapsus$ Hunters Returns With Salesforce Leak Site
  • Unspecified Ransomware (Attack on Asahi):

    • New Encrypted File Extension: Not specified.
    • Attack Methods: The attack caused significant IT disruptions, forcing the shutdown of factories. Specific methods were not disclosed.
    • Targets: Japanese beer manufacturer Asahi.
    • Decryption Status: Not specified.
    • Source: Japanese beer giant Asahi confirms ransomware attack
  • Clop Ransomware Gang:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Exploiting vulnerabilities in Oracle’s E-Business Suite (EBS) that were patched in July 2025 to steal data for an ongoing extortion campaign.
    • Targets: Organizations utilizing vulnerable versions of Oracle E-Business Suite.
    • Decryption Status: Not specified; the focus is on extortion.
    • Source: Oracle links Clop extortion attacks to July 2025 vulnerabilities
  • Medusa Ransomware Group:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration and posting victim information on their leak site to apply pressure.
    • Targets: Diverse organizations including Comcast (media/tech), Organon (pharmaceuticals), Insightin Health (healthcare tech), and Future Generali (insurance).
    • Decryption Status: Not specified.
    • Source: 🏴‍☠️ Medusa has just published a new victim : Comcast; 🏴‍☠️ Medusa has just published a new victim : Organon
  • Akira Ransomware Group:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Stealing and threatening to leak sensitive corporate and personal data, including financial records, SSNs, and passports.
    • Targets: Data Systems Analysts (IT consulting), Milburn (demolition contracting), and Sobotec (manufacturing).
    • Decryption Status: Not specified.
    • Source: 🏴‍☠️ Akira has just published a new victim : DSA; 🏴‍☠️ Akira has just published a new victim : Milburn
  • Qilin Ransomware Group:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Publishing victims on its data leak site.
    • Targets: Corban OneSource (HR outsourcing) and IONODES (IP video solutions).
    • Decryption Status: Not specified.
    • Source: 🏴‍☠️ Qilin has just published a new victim : Corban OneSource; 🏴‍☠️ Qilin has just published a new victim : IONODES

Observations and Further Recommendations

  • A significant wave of extortion campaigns is underway, with the ShinyHunters group being particularly prominent. Their attack on dozens of major brands via Salesforce highlights the critical risk posed by vulnerabilities in third-party service providers.
  • The dominant tactic continues to be “double extortion,” where threat actors exfiltrate sensitive data and threaten to publish it, rather than relying solely on file encryption.
  • Ransomware groups like Clop persist in exploiting known software vulnerabilities (e.g., Oracle EBS), reinforcing the absolute necessity for organizations to apply security patches in a timely manner.
  • General recommendation: Organizations should prioritize rapid patching of known vulnerabilities, enhance security controls for third-party platforms, and implement robust monitoring to detect unusual data access and exfiltration attempts.

News Details

  • ShinyHunters launches Salesforce data leak site to extort 39 victims: An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks.
  • Scattered Lapsus$ Hunters Returns With Salesforce Leak Site: After claiming it would shut down, the cybercriminal collective reemerged and threatened to publish the stolen data of Salesforce customers by Oct. 10 if its demands are not met.
  • Japanese beer giant Asahi confirms ransomware attack: Japanese beer-making giant Asahi has disclosed today that a ransomware attack caused the IT disruptions that forced it to shut down factories this week.
  • Oracle links Clop extortion attacks to July 2025 vulnerabilities: Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025.
  • 🏴‍☠️ Medusa has just published a new victim : Comcast: Comcast Corporation operates as a media and technology company worldwide. It operates through Residential Connectivity & Platforms, Business Services Connectivity, Media, Studios, and Theme Parks segments. The total amount of data leakage is 834.4 GB.
  • 🏴‍☠️ Akira has just published a new victim : DSA: Founded in 1963, & based out of Pennsylvania, Data Systems Analysts is a company that provides information technology & consulting solutions services… We are ready to upload more than 19GB data. There are lots of essential corporate documents such as: financial data… employees and customers information (passports, Social Security Numbers, emails, phones) confidential information…
  • 🏴‍☠️ Qilin has just published a new victim : Corban OneSource: Corban OneSource, USA – maximize risks to compliance. Company provides comprehensive HR outsourcing services, including payroll administration, employee benefits management, and HR support, aimed at reducing risks and improving organizational…
  • 🏴‍☠️ Shinyhunters has just published a new victim : Toyota Motor Corporations: [AI generated] Toyota Motor Corporation is a multinational automotive manufacturer headquartered in Japan. Founded by Kiichiro Toyoda in 1937, it became the world’s largest automaker in 2008. Toyota is known for vehicles that prioritize durability and fuel efficiency.