Latest Ransomware News and New File Extensions
Unspecified Ransomware Gangs (via SonicWall Vulnerability):
- New Encrypted File Extension: Not specified.
- Attack Methods: Actively exploiting what is suspected to be an as-yet-unidentified security vulnerability in SonicWall Gen 7 firewalls to breach networks, specifically targeting SSLVPN services.
- Targets: Organizations using vulnerable SonicWall Gen 7 firewalls.
- Decryption Status: No information provided.
- Source: SonicWall urges admins to disable SSLVPN amid rising attacks
Qilin:
- New Encrypted File Extension: Not specified in the provided news.
- Attack Methods: Data exfiltration and extortion via its public leak site. Mentioned as a prominent threat during Summer 2025.
- Targets: Diverse sectors, with recently listed victims including STS Alpresor (a Nordic tour operator) and Eastern Adjustment Company, Inc.
- Decryption Status: No known public decryption tool.
- Source: The Heat Wasn’t Just Outside: Cyber Attacks Spiked in Summer 2025; Ransomware leak site announcement
Interlock:
- New Encrypted File Extension: Not specified, but a “FileFix” variant was mentioned.
- Attack Methods: Data exfiltration and extortion via its public leak site. Identified as a significant threat during Summer 2025.
- Targets: Healthcare sector, with Weisman Children’s Rehabilitation Hospital listed as a recent victim.
- Decryption Status: No known public decryption tool.
- Source: The Heat Wasn’t Just Outside: Cyber Attacks Spiked in Summer 2025; Ransomware leak site announcement
Embargo:
- New Encrypted File Extension: Not specified.
- Attack Methods: Data exfiltration (claimed 800GB stolen) and extortion via its public leak site, with threats to post data in stages.
- Targets: Healthcare sector, specifically Heart of America Medical Center (HAMC).
- Decryption Status: No known public decryption tool.
- Source: Ransomware leak site announcement
Play:
- New Encrypted File Extension: Not specified.
- Attack Methods: Data exfiltration and extortion via its public leak site.
- Targets: Various organizations in the United States, including Phoenix Lighting, Backstage Library Works, White Horse Packaging, and Terillium.
- Decryption Status: No known public decryption tool.
- Source: Ransomware leak site announcement
Pear:
- New Encrypted File Extension: Not specified.
- Attack Methods: Data exfiltration and extortion via its public leak site.
- Targets: A wide variety of sectors including construction, hospitality, legal, manufacturing, real estate, and religious institutions.
- Decryption Status: No known public decryption tool.
- Source: Ransomware leak site announcement
Observations and Further Recommendations
- A significant number of ransomware groups (including Qilin, Interlock, Play, Embargo, Dragonforce, Pear, and others) are actively publishing victims on their leak sites, indicating a high operational tempo across the cybercrime landscape.
- Attackers continue to target critical and sensitive sectors such as healthcare (Heart of America Medical Center, Weisman Children’s) and educational institutions, posing a severe risk to public services.
- A key attack vector remains the exploitation of vulnerabilities in network edge devices. The SonicWall advisory is a critical reminder for organizations to secure their perimeter by disabling non-essential services like SSLVPN and applying security patches urgently.
- Organizations should prioritize hardening internet-facing systems, maintain regular data backups, and implement a robust incident response plan to mitigate the impact of a potential ransomware attack.
News Details
- ReVault flaws let hackers bypass Windows login on Dell laptops: ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls.
- WhatsApp adds new security feature to protect against scams: WhatsApp is introducing a new security feature that will help users spot potential scams when they are being added to a group chat by someone not in their contact list.
- Trend Micro warns of Apex One zero-day exploited in attacks: Trend Micro has warned customers to immediately secure their systems against an actively exploited remote code execution vulnerability in its Apex One endpoint security platform.
- Microsoft pays record $17 million in bounties over the last 12 months: Microsoft paid a record $17 million this year to 344 security researchers across 59 countries through its bug bounty program.
- Pandora confirms data breach amid ongoing Salesforce data theft attacks: Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce data theft attacks.
- PBS confirms data breach after employee info leaked on Discord servers: PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
- Adobe issues emergency fixes for AEM Forms zero-days after PoCs released: Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances.
- The Heat Wasn’t Just Outside: Cyber Attacks Spiked in Summer 2025: Can your defenses withstand the biggest attacks of Summer 2025? From Interlock’s FileFix to Qilin, Scattered Spider, and ToolShell exploits—simulate them all against your organization’s defenses with Picus Security Validation Platform to find gaps before attackers do.
- Cisco discloses data breach impacting Cisco.com user accounts: Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack that targeted a company representative.
- SonicWall urges admins to disable SSLVPN amid rising attacks: SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks.
- Android gets patches for Qualcomm flaws exploited in attacks: Google has released security patches for six vulnerabilities in Android’s August 2025 security update, including two Qualcomm flaws exploited in targeted attacks.
- Microsoft increases Zero Day Quest prize pool to $5 million: Microsoft will offer up to $5 million in bounty awards at this year’s Zero Day Quest hacking contest, which the company describes as the “largest hacking event in history.”
- Apple is suing Apple Cinemas: Apple is suing the owner of the Apple Cinemas theater chain, Sand Media, over alleged trademark infringement, as reported by Reuters. In the lawsuit, Apple alleges that Apple Cinemas and Sand Media have made efforts to “capitalize on the highly-regarded Apple brand in connection with the aggressive nationwide expansion”.
- TP-Link’s new travel router delivers Wi-Fi 7 speeds: TP-Link’s new Wi-Fi 7 travel router doesn’t feature a battery but can be powered by your laptop or a power bank.
- The best laptop deals you can get right now: If you want a great laptop, you’re going to have to fork over a ton of money, right? Not necessarily. There are dozens of good laptops on the market at various price points.
- Here are the best streaming service deals available right now: So far, 2025 has been a great year for watching new, must-see TV shows and movies on subscription services. But if you, like many of us, have more concurrent subscriptions than you care to admit, you’ll agree that keeping up with the latest stuff every month can get expensive.
- Google Gemini can now create AI-generated bedtime stories: Google rolled out a new tool within its Gemini AI chatbot that lets you create an illustrated story by simply describing it. The feature, called “Storybook,” generates 10-page stories, each with a short paragraph of text that Gemini can read aloud, along with an accompanying illustration.
- OpenAI releases a free GPT model that can run on your laptop: OpenAI is releasing a new open-weight model dubbed GPT-OSS that can be downloaded for free, be customized, and even run on a laptop.
- Sony’s noise-canceling WH-1000XM6 are discounted to their Prime Day low: With back-to-school season in full swing, it feels like we’re stumbling on great deals for students every day.
- This retro camcorder upgrades Super 8 film cameras with modern conveniences: Camp Snap, a brand known for its budget-friendly screen-free digital cameras, has announced its first video camera. The new Camp Snap CS-8’s design was inspired by the Super 8mm film cameras released by companies like Kodak and Canon in the ‘60s and ‘70s.
- Grok’s ‘spicy’ video setting instantly made me Taylor Swift nude deepfakes: The “spicy” mode for Grok’s new generative AI video tool feels like a lawsuit waiting to happen. While other video generators like Google’s Veo and OpenAI’s Sora have safeguards in place to prevent users from creating NSFW content and celebrity deepfakes, Grok Imagine is happy to do both simultaneously.
- Google’s Pixel 9A is cheaper than ever right now: The Google Pixel 9A is a midrange phone done right, offering a great balance of hardware, features, and value.
- With Eyes on AI, African Orgs Push Security Awareness: Against the backdrop of the artificial intelligence surge, most African organizations have some form of cybersecurity awareness training but fail to test frequently and don’t trust the results.
- Pandora Confirms Third-Party Data Breach, Warns of Phishing Attempts: The jewelry retailer is warning customers that their data can and might be used maliciously.
- RCE Flaw in AI-Assisted Coding Tool Poses Software Supply Chain Risk: A critical vulnerability in the trust model of Cursor, a fast-growing tool for LLM-assisted development, allows for silent and persistent remote code execution.
- Cisco User Data Stolen in Vishing Attack: The networking giant said this week that an employee suffered a voice phishing attack that resulted in the compromise of select user data, including email addresses and phone numbers.
- 🏴☠️ Embargo has just published a new victim : Heart of America Medical Center (HAMC): About Heart of America Medical Center. A non-profit hospital offering comprehensive medical services… – I have your Data 800GB. I will post the data in three stages.
- 🏴☠️ Dragonforce has just published a new victim : Diversified Project Services International: Diversified Project Services International, Inc. (DPSI) is a leader in engineering, geomatics (surveying), planning, permitting, inspection, energy management and construction management.
- 🏴☠️ Pear has just published a new victim : Neff Specialties: Neff Specialties is a specialty sub-contractor that caters to the education, industrial, and commercial sectors across Pennsylvania, West Virginia, and Northern Maryland.
- 🏴☠️ Safepay has just published a new victim : ridgefield.org: [AI generated] “Ridgefield.org” represents Ridgefield public schools in Ridgefield, Connecticut. It is a holistic platform providing comprehensive information about the school district…
- 🏴☠️ Lynx has just published a new victim : cibraco: Cibraco Imóveis, a reference in the real estate market of Curitiba and its Metropolitan Region. More than 80 years of experience in the sale and rental of properties.
- 🏴☠️ Direwolf has just published a new victim : HCK Capital Group: [AI generated] HCK Capital Group is a Malaysian investment holding company, primarily operating in the fields of property development, education, and media.
- 🏴☠️ Kairos has just published a new victim : melland.bright-futures.co.uk: UK – Melland High School
- 🏴☠️ Incransom has just published a new victim : Carrollton Ear Nose and Throat: Carrollton Ear, Nose and Throat, P.C. and the staff would like to welcome you to our website! We hope you find our website helpful when searching for information about our practice and your health needs.
- 🏴☠️ Qilin has just published a new victim : alpresor.se: Have you traveled to the Alps? Your personal data is in this archive. The full archive of STS Alpresor company is publicly available. The largest tour operator in the Nordic region…
- 🏴☠️ Interlock has just published a new victim : Weisman Children’s: Weisman Children’s Rehabilitation Hospital is the leading provider of pediatric rehabilitation services in the Delaware Valley.