Ransomware Update – 2025-11-24

[Content by Gemini 2.5]

Latest Ransomware News and New File Extensions

  • Akira:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Food manufacturing (Chairmans Foods).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Beast:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Healthcare / Pharmacy (Outback Pharmacies).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Chaos:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Retail (mToilet – Sporting & Recreational Equipment).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Dragonforce:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Various sectors including Food & Beverage (Bodega San Huberto), Agro-industrial (Parsirang), Construction Supply (Summit Construction Supply, Nugent Supply), Industrial Systems (Fueling Solutions Inc.), Insurance (Healthcare & More), Logistics (Barr Trucking Inc.), and Manufacturing (F-W-S Countertops).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Nova:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Construction/HVAC (ANG BROTHERS) and Scientific Research (National Institute of Materials Physics, Romania).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Play:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Organizations in Canada and the United States (Katch Kan, Turkstra Trusses, Keystone Fabricating).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Qilin:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Multiple sectors including Automotive Finance (Nissan Capital), Law (The Hunnicutt Law Group, Capp Shupak), Food & Beverage (Cayuga Milk Ingredients), Electronics (Cal-Comp Electronics Public), and Construction (Berts Electric).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Rhysida:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Education (Collge Superieur De Montreal).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Sinobi:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Diverse industries including Urban Development (Adept), Healthcare (Advanced Dental), Recruiting (Access Search), Food Products (Liberty Gold Fruit), and Culture/Museums (Homestead Museum).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Tengu:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Leisure and Sports (Coral Clubes – Mexico).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Thegentlemen:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Primarily healthcare and finance in Vietnam, including AiHealth, KIM Dental, Pacific Holdings Group JSC, NBCAPITAL JOINT STOCK COMPANY, and Singapore City Development Company Limited (SINGCONS).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.
  • Worldleaks:

    • New Encrypted File Extension: Not specified in the provided articles.
    • Attack Methods: Not specified.
    • Targets: Heavy Industry / Nuclear Sector (Nuclebrás Equipamentos Pesados, Brazil).
    • Decryption Status: No known public decryption tool available.
    • Source: Source URL not available in the provided input.

Observations and Further Recommendations

  • A large number of distinct ransomware groups (Akira, Qilin, Dragonforce, Sinobi, etc.) reported new victims, indicating a highly active and diverse threat landscape.
  • The attacks are indiscriminate, affecting a wide array of sectors globally, including healthcare, manufacturing, finance, education, construction, and government-affiliated institutions.
  • The reports are based on leak-site postings, which typically means that ransom negotiations either failed or were not initiated, and the attackers are now publicizing stolen data to exert pressure.
  • Organizations should prioritize robust security measures, including regular system patching, multi-factor authentication (MFA), network segmentation, employee phishing awareness training, and maintaining offline, immutable backups to ensure resilience against such attacks.

News Details

  • Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs: New research from CrowdStrike has revealed that DeepSeek’s artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China.
  • ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access: A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad.
  • Microsoft to remove WINS support after Windows Server 2025: Microsoft has warned IT administrators to prepare for the removal of Windows Internet Name Service (WINS) from Windows Server releases starting in November 2034.
  • Microsoft: Windows 11 24H2 bug crashes Explorer and Start Menu: Microsoft has confirmed a critical Windows 11 24H2 bug that causes the File Explorer, the Start Menu, and other key system components to crash after installing cumulative updates released since July 2025.
  • Google enables Pixel-to-iPhone file sharing via Quick Share, AirDrop: Google has added interoperability support between Android Quick Share and Apple AirDrop, to let users share files between Pixel devices and iPhones.
  • Enterprise password security and secrets management with Passwork 7: Passwork 7 unifies enterprise password and secrets management in a self-hosted platform. Organizations can automate credential workflows and test the full system with a free trial and up to 50% Black Friday savings.
  • Iberia discloses customer data leak after vendor security breach: Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline.
  • New Costco Gold Star Members also get a $40 Digital Costco Shop Card: The holidays can be hard on any budget, but there may be a way to make it a little easier. Instead of dashing through the snow all around town, get all your shopping done under one roof at Costco.
  • WhatsApp API flaw let researchers scrape 3.5 billion accounts: Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting.
  • DOGE is no more, and in its wake, only chaos: In April, Elon Musk began backing away from his role as head of DOGE. By June, he was more or less fully gone from DC. In his wake, he left a power vacuum and significant ill will that has apparently led to the dissolution of DOGE eight months before its charter expires.
  • About This Account reveals the scale of X’s foreign troll problem: It’s long been known that X (and Twitter before it) is a major venue for foreign influence campaigns to meddle in American politics. Much of the focus has been on Russian troll farms, which the US government has targeted on several occasions. But the launch of X’s About This Account feature may have revealed the scope and geographical breadth of its foreign troll problem.
  • Some of the best Nintendo Switch games are up to $30 off for Black Friday: Nintendo has made some of the most iconic video games of all time, but building a library of the standouts can quickly become expensive, especially given that many titles don’t often go on sale at a significant discount.
  • X’s messy About This Account rollout has caused utter chaos: Yesterday X started rolling out a new About This Account feature, which included what country the account was created from and what country the account is “based” in (which is different from “connected via”).
  • Sony’s last-gen XM4 headphones are over 50 percent off for Black Friday: More than five years after making their debut, Sony’s WH-1000XM4 remain an excellent pair of noise-canceling headphones. And right now, Best Buy is offering a doorbuster deal that drops them to just $159.99 ($190 off) for a limited time.
  • 🏴‍☠️ Sinobi has just published a new victim : Adept: ADEPT Projects specializes in innovative urban development and design solutions. They focus on creating sustainable and functional spaces that enhance community living.
  • 🏴‍☠️ Rhysida has just published a new victim : Collge Superieur De Montreal: Collge Superieur De Montreal
  • 🏴‍☠️ Akira has just published a new victim : Chairmans Foods: Chairmans Foods is a gold-star rated, USDA manufacturing plant and producer of fresh, frozen and refrigerated food products for more than 40 years.
  • 🏴‍☠️ Sinobi has just published a new victim : Advanced Dental: Advanced Dental, located in Aliso Viejo, CA, offers cutting-edge laser dentistry and a wide range of comprehensive dental services tailored for families.
  • 🏴‍☠️ Sinobi has just published a new victim : Access Search: Access Search, Inc. was founded with one simple mission: to be an honest, diligent, and knowledgeable search firm.
  • 🏴‍☠️ Sinobi has just published a new victim : Liberty Gold Fruit: Liberty Gold Fruit Company, Inc. is a family-owned business renowned for its premium quality food products and exceptional service since 1932.
  • 🏴‍☠️ Thegentlemen has just published a new victim : NBCAPITAL JOINT STOCK COMPANY: NBCAPITAL Investment Co., Ltd. is a Vietnamese company engaged in investment and business operations, maintaining a complete internal corporate structure that includes finance, accounting, legal, human resources, sales, marketing, IT, and operations.
  • 🏴‍☠️ Thegentlemen has just published a new victim : Singapore City Development Company Limited (SINGCONS): Singapore City Development Company Limited (SINGCONS) is a construction and real-estate development firm operating in Vietnam and the wider region, offering full-scope services.
  • 🏴‍☠️ Thegentlemen has just published a new victim : AiHealth: Provider of online medical services intended to assist in finding personal doctors, booking appointments, and buying medication online.
  • 🏴‍☠️ Thegentlemen has just published a new victim : KIM Dental: Kim Dental operates the largest and most reputable dental clinic network in Vietnam, offering nationwide coverage with modern facilities, advanced treatment technologies, and internationally standardized care.
  • 🏴‍☠️ Sinobi has just published a new victim : Homestead Museum: The Homestead Museum is a Historic-Cultural Landmark located in the City of Industry, California, showcasing the history of Los Angeles from the 1840s to the 1920s.
  • 🏴‍☠️ Nova has just published a new victim : ANG BROTHERS (M&E) PTE. LTD. (P2): ANG BROTHERS (M&E) PTE. LTD. (the “Company”) is an Exempt Private Company Limited by Shares, incorporated on 22 July 2002 (Monday) in Singapore.
  • 🏴‍☠️ Thegentlemen has just published a new victim : Pacific Holdings Group JSC.: Pacific Holdings Vietnam Joint Stock Company (“Pacific Holdings”) is a diversified healthcare group headquartered in Vietnam, operating a rapidly expanding network of medical and dental clinics.
  • 🏴‍☠️ Chaos has just published a new victim : mToilet: mToilet is a company that operates in the Sporting & Recreational Equipment Retail industry.
  • 🏴‍☠️ Qilin has just published a new victim : Maheu&Maheu: N/A
  • 🏴‍☠️ Qilin has just published a new victim : Cal-Comp Electronics Public: N/A
  • 🏴‍☠️ Tengu has just published a new victim : Coral Clubes – Mexico: Coral Clubes – Mexico The Fimex Group offers a collection of luxury leisure and sports clubs, with a special focus on golf clubs and integrated resorts.
  • 🏴‍☠️ Qilin has just published a new victim : Cayuga Milk Ingredients: N/A
  • 🏴‍☠️ Qilin has just published a new victim : The Hunnicutt Law Group: N/A
  • 🏴‍☠️ Qilin has just published a new victim : Berts Electric: N/A
  • 🏴‍☠️ Qilin has just published a new victim : Capp Shupak: N/A
  • 🏴‍☠️ Nova has just published a new victim : National Institute of Materials Physics: Romania. Scientific Institute in Bucharest. It is engaged in fundamental and applied research and development, in particular in the field of solid state physics and materials research.
  • 🏴‍☠️ Beast has just published a new victim : Outback Pharmacies: Outback Pharmacies operates five locations in Broken Hill, providing a wide range of health services including prescriptions, sleep apnoea management, vaccinations, and weekly medicine packing.
  • 🏴‍☠️ Qilin has just published a new victim : Nissan Capital: N/A
  • 🏴‍☠️ Worldleaks has just published a new victim : Nuclebrás Equipamentos Pesados: [AI generated] “Nuclebrás Equipamentos Pesados S.A. (NUCLEP) is a Brazilian state-owned company under the Ministry of Science, Technology, Innovation, and Communications. Founded in 1975, NUCLEP is responsible for developing and manufacturing heavy equipment, especially for nuclear power plants.”
  • 🏴‍☠️ Dragonforce has just published a new victim : Bodega San Huberto: Bodega | San Huberto offers a welcoming environment for all, catering to both Spanish and English-speaking clients. The company focuses on creating a friendly atmosphere for visitors.
  • 🏴‍☠️ Dragonforce has just published a new victim : Parsirang: Parsirang is a large Iranian agro-industrial company focused on egg production, but also involved in feed, olive farming, and compost fertilizer.
  • 🏴‍☠️ Dragonforce has just published a new victim : Summit Construction Supply: Summit Construction Supply is a leading commercial construction product supplier based in Loveland, Colorado, specializing in providing a wide range of construction materials.
  • 🏴‍☠️ Dragonforce has just published a new victim : Nugent Supply: Nugent Supply Company is a Women Business Enterprise (WBE) and a member of the Specialty Tools and Fasteners Distributors Association (STAFDA) based in Loveland, Colorado.
  • 🏴‍☠️ Dragonforce has just published a new victim : Fueling Solutions Inc.: Fueling Solutions, Inc. specializes in providing commercial, industrial, and mission-critical fueling systems across over 30 countries on four continents.
  • 🏴‍☠️ Dragonforce has just published a new victim : Healthcare & More: Healthcare & Moore, led by independent insurance broker Myra ‘Lynn’ Moore, specializes in a comprehensive range of insurance products including Medicare plans, health insurance, life insurance, annuities, and dental coverage.
  • 🏴‍☠️ Dragonforce has just published a new victim : Barr Trucking Inc.: Barr Trucking was formed in 1981 by William Mark Barr and his Father William DeWitt Barr in Pinckneyville, IL.
  • 🏴‍☠️ Dragonforce has just published a new victim : F-W-S Countertops: F-W-S COUNTERTOPS specializes in the design, fabrication, and installation of premium countertops, including Quartzite, Granite, Sintered Stone, Man-Made Quartz, and Wood Butcher Block.
  • 🏴‍☠️ Play has just published a new victim : Katch Kan: Canada
  • 🏴‍☠️ Play has just published a new victim : Keystone Fabricating: United States
  • 🏴‍☠️ Play has just published a new victim : Turkstra Trusses: Canada