Latest Ransomware News and New File Extensions
Ransomhouse:
- New Encrypted File Extension: Not specified in the report.
- Attack Methods: Data exfiltration and public disclosure on their leak site.
- Targets: ASKUL Corporation, a major Japanese e-commerce company.
- Decryption Status: No information available; the focus is on a data leak.
- Source: From the provided news feed.
Rhysida:
- New Encrypted File Extension: Not specified in the report.
- Attack Methods: Publicly listing victims on their leak site.
- Targets: LMHT Associates.
- Decryption Status: No information available.
- Source: From the provided news feed.
Sinobi:
- New Encrypted File Extension: Not specified in the report.
- Attack Methods: Publicly listing victims on their leak site to apply pressure.
- Targets: Seward County in Kansas, USA, and CapitalPlus Exchange, a financial institution support organization.
- Decryption Status: No information available.
- Source: From the provided news feed.
Coinbasecartel:
- New Encrypted File Extension: Not specified in the report.
- Attack Methods: Data exfiltration, claiming to have stolen over 2 TB of data from one victim.
- Targets: Propertyfinder / PropSpace CRM (real estate tech) and Dreyfuss Williams & Associates (law firm).
- Decryption Status: No information available; the primary threat is data leakage.
- Source: From the provided news feed.
Nightspire:
- New Encrypted File Extension: Not specified in the report.
- Attack Methods: Publicly naming multiple international victims on its leak site.
- Targets: A diverse range of international organizations, including Servicios del Valle del Fuerte (Mexico), Fidelity Pension Managers (Nigeria), Eastern Cape Department of Human Settlements (South Africa), and Instituto Nacional de Oftalmologia (Peru).
- Decryption Status: No information available.
- Source: From the provided news feed.
Medusa:
- New Encrypted File Extension: Not specified in the report.
- Attack Methods: Publicly listing victims on their leak site.
- Targets: Atrium Living Centers, a U.S.-based company providing skilled nursing and long-term care services.
- Decryption Status: No information available.
- Source: From the provided news feed.
Beast:
- New Encrypted File Extension: Not specified in the report.
- Attack Methods: Publicly naming victims on its leak site.
- Targets: Ringmor (telecommunications), Punjab Forensic Science Agency (government), and Noroaco (steel products).
- Decryption Status: No information available.
- Source: From the provided news feed.
Qilin:
- New Encrypted File Extension: Not specified in the report.
- Attack Methods: Publicly listing victims on their leak site.
- Targets: Gullco International, Hitzinger, and Gadge USA.
- Decryption Status: No information available.
- Source: From the provided news feed.
Observations and Further Recommendations
- Ransomware groups continue to rely heavily on the “name-and-shame” tactic, using their data leak sites to publicly announce victims and pressure them into payment.
- The targets are geographically diverse and span a wide array of sectors, including e-commerce, government, healthcare, legal, and finance, indicating that no industry is immune.
- The primary threat highlighted in these announcements is data exfiltration rather than encryption, with groups like Coinbasecartel explicitly claiming to have stolen large volumes of sensitive data.
- To mitigate these threats, organizations must prioritize a multi-layered defense strategy that includes robust data protection, network segmentation to limit lateral movement, and regular, immutable backups to recover from both encryption and data loss.
News Details
- Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware: Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvests their credentials by deploying malware like PureRAT.
- GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs: Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on the part of threat actors to target the Visual Studio Code (VS Code) ecosystem.
- How to use the new Windows 11 Start menu, now rolling out: The Windows Start menu is getting its first major redesign since 2021 and will be rolled out to everyone with the November 11 Patch Tuesday update.
- NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features: NAKIVO Backup & Replication v11.1 expands disaster recovery with real-time replication, enhanced Proxmox VE support, and granular physical backups.
- Lost iPhone? Don’t fall for phishing texts saying it was found: The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID credentials.
- Dangerous runC flaws could allow hackers to escape Docker containers: Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system.
- OpenAI plans to release GPT-5.1, GPT-5.1 Reasoning, and GPT-5.1 Pro: OpenAI is preparing the GPT-5.1 family for public rollout. This includes GPT-5.1 (base), GPT-5.1 Reasoning, and GPT-5.1 Pro for those who pay a $200 monthly subscription.
- Cleveland Guardians’ pitchers indicted for rigging online bets: Cleveland Guardians pitchers Emmanuel Clase and Luis Ortiz were indicted in Brooklyn on charges that they conspired to illegally rig bets on pitches thrown during games.
- You need to listen to this compilation of ‘80s Spanish ambient and electronic music: Much of La Ola Interior (Spanish Ambient & Acid Exoticism 1983-1990) sounds shockingly contemporary for a collection of tracks recorded in the mid to late ’80s.
- YouTube TV, ESPN, and Disney: the latest on the blackout: On October 31st, ESPN, ABC, Nat Geo, and over 20 other Disney-owned channels went dark on YouTube TV. As the two sides disagree about terms for a new content distribution contract…
- Arturia’s KeyStep mk2 MIDI controller is a shortcut to flow state: Arturia’s KeyStep is one of the most popular MIDI controllers ever made, especially with modular synth users and the DAWless crowd.
- The tale of the Fire Phone, Amazon’s very strange smartphone: When Jeff Bezos decided Amazon needed to get in the smartphone game, he went all in. And the resulting device, the Fire Phone, wound up more densely packed with big ideas than just about any gadget you’ll find anywhere.
- Deck out your tree with ornaments of retro consoles, movie moments, and more: Do the ornaments you adorn your Christmas tree with reflect you or your family’s interests? If not, maybe you should rectify that.
- 65daysofstatic’s new No Man’s Sky album searches for humanity in an AI-filled world: It’s not often that a band returns to soundtrack the same game nine years after its release – then again, most games aren’t No Man’s Sky.
- The algorithm failed music: This is The Stepback, a weekly newsletter breaking down one essential story from the tech world.
- Ikea just took over your smart home: Hi, friends! Welcome to Installer No. 105, your guide to the best and Verge-iest stuff in the world.
- 🏴☠️ Ransomhouse has just published a new victim: [EVIDENCE PACK 2]ASKUL: ASKUL Corporation, founded in 1963 and headquartered in Tokyo, is a leading Japanese e-commerce company serving both businesses (B2B) and consumers (B2C).
- 🏴☠️ Rhysida has just published a new victim: LMHT Associates: LMHT Associates
- 🏴☠️ Sinobi has just published a new victim: Seward County, KS: Seward County is a county located in Kansas. This county was formed on March 20, 1873 and the county seat is Liberal.
- 🏴☠️ Sinobi has just published a new victim: CapitalPlus Exchange: CapitalPlus Exchange (CapPlus) supports financial institutions in emerging economies by enhancing their strategic and operational capacities…
- 🏴☠️ Coinbasecartel has just published a new victim: Propertyfinder / PropSpace CRM: We have more than 2 TB which includes – Full Propertyfinder leads DB (10 M + records) – Full Property listings DB – All PropSpace CRM client data…
- 🏴☠️ Coinbasecartel has just published a new victim: Dreyfuss Williams & Associates CO LPA: Dreyfuss Williams Attorneys & Counselors at Law is a law firm specializing in Health Care Law, offering legal representation to hospitals and medic…
- 🏴☠️ J has just published a new victim: ikad.com.au – A 5-Month Staycation in the Defense Supply Chain: [AI generated] N/A
- 🏴☠️ Stormous has just published a new victim: !: VPN access to the company’s internal network is provided
- 🏴☠️ Nightspire has just published a new victim: Servicios del Valle del Fuerte, Mexico: Servicios del Valle del Fuerte, Mexico
- 🏴☠️ Nightspire has just published a new victim: Fidelity Pension Managers, Nigeria: Fidelity Pension Managers, Nigeria
- 🏴☠️ Nightspire has just published a new victim: Eastern Cape Department of Human Settlements, South Africa: Eastern Cape Department of Human Settlements, South Africa
- 🏴☠️ Nightspire has just published a new victim: Instituto Nacional de Oftalmologia, Peru: Instituto Nacional de Oftalmologia, Peru
- 🏴☠️ Medusa has just published a new victim: Atrium Living Centers: Atrium Living Centers is a 100% employee-owned company providing skilled nursing, rehabilitation, and long-term care services.
- 🏴☠️ Beast has just published a new victim: Ringmor: CallMor offers virtual phone system services aimed at businesses looking for unlimited communication options with no hidden fees.
- 🏴☠️ Beast has just published a new victim: Punjab Forensic Science Agency: The Punjab Forensic Science Agency (PFSA) provides a range of forensic services including audio visual analysis, computer forensics, DNA and serology…
- 🏴☠️ Beast has just published a new victim: Noroaco: Noroaco – Ferro e Aco specializes in a diverse range of high-quality steel products including tubes, beams, tiles, sheets, and plasma cutting services.
- 🏴☠️ Qilin has just published a new victim: Gullco International: N/A
- 🏴☠️ Qilin has just published a new victim: Hitzinger: N/A
- 🏴☠️ Qilin has just published a new victim: Gadge USA: N/A
- Drilling Down on Uncle Sam’s Proposed TP-Link Ban: The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems…