Ransomware Update – 2025-08-04

[Content by Gemini 2.5]

Latest Ransomware News and New File Extensions

  • Various Ransomware Gangs:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Exploiting a critical vulnerability chain in Microsoft SharePoint servers to gain initial access.
    • Targets: At least 148 organizations worldwide using vulnerable SharePoint instances.
    • Decryption Status: No decryption information available; status depends on the specific ransomware variant used in each attack.
    • Source: Not provided.
  • Qilin:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration for double extortion; the group claims to have stolen invoices, customer databases, IDs, and financial records.
    • Targets: Aggressive Air Compressor & co.
    • Decryption Status: No known public decryptor.
    • Source: Not provided.
  • D4rk4rmy:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration for public shaming and extortion.
    • Targets: Casino de Monte-Carlo (hospitality), DIMERCO (logistics), and Big Rock Resort (hospitality).
    • Decryption Status: No known public decryptor.
    • Source: Not provided.
  • Lynx:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration for extortion.
    • Targets: Frontline Bioenergy (energy sector) and gid-it.de (German IT systems integrator).
    • Decryption Status: No known public decryptor.
    • Source: Not provided.
  • Dragonforce:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data exfiltration for extortion.
    • Targets: Banco Guanabara (financial institution).
    • Decryption Status: No known public decryptor.
    • Source: Not provided.

Observations and Further Recommendations

  • Multiple ransomware groups, whether in coordination or independently, are exploiting the same critical vulnerabilities in widely used enterprise software, as seen with the attacks on the Microsoft SharePoint vulnerability chain.
  • Attackers are targeting a diverse range of industries, including finance, energy, IT, logistics, and hospitality, indicating that no sector is immune.
  • The primary trend continues to be data exfiltration for double extortion, where gangs threaten to leak stolen data to pressure victims into paying a ransom.
  • Organizations must prioritize timely patching of internet-facing systems such as SharePoint. Monitoring authentication components for unexpected changes, for example unrecognized Linux PAM modules like the Plague backdoor described below, together with strong authentication controls, can help detect and prevent intrusions.

News Details

  • ⚡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More: Malware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just about being malicious—it’s about being believable.
  • Man-in-the-Middle Attack Prevention Guide: Some of the most devastating cyberattacks don’t rely on brute force, but instead succeed through stealth. These quiet intrusions often go unnoticed until long after the attacker has disappeared. Among the most insidious are man-in-the-middle (MITM) attacks, where criminals exploit weaknesses in communication protocols to silently position themselves between two unsuspecting parties.
  • New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft: Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. “The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access,” Nextron Systems researcher Pierre-Henri Pezier said.
  • The Wild West of Shadow IT: Everyone’s an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they don’t need to clear it with your team first. It’s great for productivity, but it’s a serious problem for your security posture.
  • PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads: Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong.
  • Ransomware gangs join attacks targeting Microsoft SharePoint servers: Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.
  • Mozilla warns of phishing attacks targeting add-on developers: Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository.
  • Brendan Carr declares victory over the First Amendment: On Monday, the Freedom of the Press Foundation filed a complaint against Federal Communications Commission Chairman Brendan Carr. The filing, sent to the Office of Disciplinary Counsel at the DC Court of Appeals, alleges that Carr had repeatedly broken basic principles of conduct as a licensed attorney, including by leveraging his power to control media outlets’ speech.
  • Nintendo raises the Switch 1 price from $299 to $339: The original Nintendo Switch, which has cost $299.99 in the US since its release in 2017, is now priced at $339.99 on Nintendo’s online store. Other first-gen Switch models are now more expensive, too, with the Switch OLED going from $349.99 to $399.99, and the Switch Lite increasing from $199.99 to $229.99.
  • Lenovo’s rollable laptop is the coolest computer I’ve used all year: Part of me still can’t believe it, but Lenovo did the thing: it took a bonkers concept for a laptop with a rollable screen and built the tech into something you can actually own and use like a normal computer. Except, as conventional as the ThinkBook Plus Gen 6 can be, it’s far from a normal computer.
  • A webcam that’s almost like a real camera: Hi, friends! Welcome to Installer No. 92, your guide to the best and Verge-iest stuff in the world. This week, I am finally smashing my way through Donkey Kong Bananza, perusing the Panama Playlists, wishing I had a yard so I had an excuse to buy Ultra Skelly, clenching my stomach at JerryRigEverything’s Samsung Galaxy Z Fold 7 durability test…
  • Today I’m toying with: The simple joy of gadgets — that’s what “Today I’m Toying With” is all about. It’s our video series where we try to encapsulate that joy of playing with technology, sharing what it’s like to experience gadgets that not all of us get to touch!
  • 🏴‍☠️ Lynx has just published a new victim : Frontline Bioenergy: Since 2003, Frontline BioEnergy has been designing systems and proprietary equipment for biomass gasification. As each year passes, there is a noticeable and growing need to explore alternatives for clean fuel and energy production.
  • 🏴‍☠️ Dragonforce has just published a new victim : Banco Guanabara: Banco Guanabara, financing for commercial vehicles; finance your buses, trucks and Sprinters, CDC, Leasing, BNDES Finame and Finame Leasing, Av. Brasil 8.255 Ramos Rio de Janeiro RJ CEP: 21030.000, Tel.: (21) 2562-9600
  • 🏴‍☠️ Qilin has just published a new victim : Aggressive Air Compressor & co: We have full control of your systems, including: ✅ All invoices ✅ Customer databases (names, addresses, contact details) ✅ Scanned documents (IDs, driver’s licenses, confidential files) ✅ Financial records & other sensitive data …
  • 🏴‍☠️ D4rk4rmy has just published a new victim : CASINO DE MONTE-CARLO: https://www.montecarlosbm.com/ Monte-Carlo Société des Bains de Mer (SBM) is a prestigious hospitality group founded in 1863, renowned for shaping Monaco’s identity as a global symbol of luxury and sophistication.
  • 🏴‍☠️ D4rk4rmy has just published a new victim : DIMERCO: https://dimerco.com An international freight forwarder and logistics company, Dimerco provides trade compliance and contract logistics services to make global supply chains more effective and efficient.
  • 🏴‍☠️ D4rk4rmy has just published a new victim : BIG ROCK RESORT: https://www.bigrockresort.net/ Big Rock Resort features the only truly lakefront cabins in June Lake, CA. 8 fantastic cabins to choose from that accommodate individuals, couples, families, family reunions, weddings, and corporate retreats.
  • 🏴‍☠️ Lynx has just published a new victim : gid-it.de: GID GmbH is a system house operating throughout Germany based in Cologne. As a system integrator, GID advises and offers solutions in the areas of infrastructure, HCI, storage, backup, e-mail/file management, deduplication, server and virtualization.