Latest Ransomware News and New File Extensions
Qilin:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Not specified in the provided articles.
- Targets: Getech (geoscience), St Thomas More Catholic High School (education), JTEKT (manufacturing), Formacompany (financial services), CS STEEL a.s. (manufacturing).
- Decryption Status: No public decryption tool available. Victims are listed on their leak site.
Bqtlock:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Not specified in the provided articles.
- Targets: European Business Server Cluster (IT/business services).
- Decryption Status: No public decryption tool available. Victims are listed on their leak site.
Play:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Not specified in the provided articles.
- Targets: NEAS (Canada), RHI Supply (United States), CFI Tire Service (United States).
- Decryption Status: No public decryption tool available. Victims are listed on their leak site.
Cloak:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Not specified in the provided articles.
- Targets: Wstg-steuerberater.de (German tax advisory firm) and other redacted victims.
- Decryption Status: No public decryption tool available. Victims are listed on their leak site.
Everest:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Not specified in the provided articles.
- Targets: Viking Automation.
- Decryption Status: No public decryption tool available. Victims are listed on their leak site.
Sinobi:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Not specified in the provided articles.
- Targets: Dyson Corp. (US-based industrial fastener supplier).
- Decryption Status: No public decryption tool available. Victims are listed on their leak site.
Lynx:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Not specified in the provided articles.
- Targets: Drive & Shine (US-based car care service).
- Decryption Status: No public decryption tool available. Victims are listed on their leak site.
Safepay:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Not specified in the provided articles.
- Targets: mauilodging.com (property rental service in Hawaii).
- Decryption Status: No public decryption tool available. Victims are listed on their leak site.
Observations and Further Recommendations
- Multiple ransomware groups, including Qilin, Play, Cloak, and others, are actively publishing victim data, indicating a high operational tempo in the cybercrime landscape.
- The attacks target a wide range of industries globally, from education and manufacturing to technology and hospitality, demonstrating that no sector is immune.
- Other significant threats include zero-day exploits (WinRAR), supply chain attacks (Ruby gems), firmware vulnerabilities (Dell, Lenovo), and data breaches (Google), highlighting a complex and multi-faceted threat environment.
- Organizations should prioritize fundamental cybersecurity hygiene: maintain offline backups, enforce multi-factor authentication, patch systems promptly, and conduct regular security awareness training for employees.
News Details
- Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks: Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. “This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system,” Eclypsium researchers said.
- Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models: Cybersecurity researchers have uncovered multiple security flaws in Dell’s ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install.
- Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems: Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions.
- CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials: Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them.
- Google confirms data breach exposed potential Google Ads customers’ info: Google has confirmed that a recently disclosed data breach of one of its Salesforce CRM instances involved the information of potential Google Ads customers.
- 60 malicious Ruby gems downloaded 275,000 times steal credentials: Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts.
- OpenAI to fix GPT-5 issues, double rate limits for paid users after outrage: OpenAI’s CEO, Sam Altman, overpromised on GPT-5, and real-life results are underwhelming, but it looks like a new update is rolling out that might address some of the concerns.
- WinRAR zero-day exploited to plant malware on archive extraction: A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.
- FTC: older adults lost record $700 million to scammers in 2024: Americans aged 60 and older lost a staggering $700 million to online scams in 2024, marking a sharp rise in fraud targeting seniors, according to the Federal Trade Commission.
- The next big AI model is here: Hi, friends! Welcome to Installer No. 93, your guide to the best and Verge-iest stuff in the world. This week, I’m reading about the rise of GEO, laughing at Kirby’s new shapes, acknowledging Google’s good dunk on Apple…
- RFK Jr. wants a wearable on every American — that future’s not as healthy as he thinks: Kennedy asserts that wearables will help Americans “take control” of their health. It’s not that simple. “My vision is that every American is wearing a wearable within four years.”
- Aura’s Aspen impressive digital frame is the most affordable it’s been: Returning to work or school from summer vacation is never easy, but the Aura Aspen could help you hold onto your favorite memories by putting them front and center. And right now, you can pick up the digital photo frame for around $199 ($30 off).
- Is This Seat Taken? makes seating fussy people fun: Creating seating arrangements can be pretty stressful; the empath part of me strives to find the perfect seat for every person even if it’s a nearly impossible task. Chasing that feeling is what Is This Seat Taken? is all about.
- I went camping in a heat dome, and these five gadgets saved my vacation: I recently returned from a family camping trip to Cades Cove in the Great Smoky Mountains National Park. Thanks to this summer’s heat dome, I was facing a week of feels-like temperatures upwards of 100 degrees – and no air conditioning.
- Why Donald Trump’s environmental data purge is so much worse this time: Now that we’re about halfway into the first year of President Donald Trump’s second term, we can take stock of his administration’s destruction of online environmental resources. It’s worse than last time.
- What’s a smut peddler to do these days?: In the aftermath of itch.io pulling the sale of over 20,000 pages of adult content, the creators of that work are left feeling betrayed, exhausted, and fearful.
- ChatGPT is bringing back 4o as an option because people missed it: OpenAI is bringing back GPT-4o in ChatGPT just one day after replacing it with GPT-5. In a post on X, OpenAI CEO Sam Altman confirmed that the company will let paid users switch to GPT-4o after ChatGPT users mourned its replacement.
- The best Android phones: The Android ecosystem is all about choice. While iPhone owners have a smaller pool of new devices to pick from when it’s time to upgrade, there’s a wider range of choices on Android. Some Android phones even fold in half! Imagine.
- A decade later, Windows is still bringing Control Panel features to the Settings app: Microsoft has tried to dumb down its Control Panel with a simple UI over the years, rather than a list of options, but there’s still a number of settings that don’t exist in the new PC Settings app. The latest features to migrate, as of today’s Technical Preview: clock settings.
- 60 RubyGems Packages Steal Data From Annoying Spammers: A Dark Web antihero has been stealing and then reselling credentials from unsavory online characters. Their motives are questionable, but the schadenfreude is irresistible.
- 🏴‍☠️ Qilin has just published a new victim: getech.com: Getech applies world-leading geoscience data and unique geospatial software products to locate the subsurface resources that are vital for energy security and a sustainable transition.
- 🏴‍☠️ Qilin has just published a new victim: St Thomas More Catholic High School: St. Thomas More Catholic High School is one of the most famous and prestigious schools in Louisiana, USA.
- 🏴‍☠️ Qilin has just published a new victim: jtekt.eu: JTEKT Corporation manufactures and sells steering systems, transmission components, bearings, machine tools, electronic control devices, home appliances, etc.
- 🏴‍☠️ Qilin has just published a new victim: formacompany: Formacompany & Co is a company that operates a gray business money laundering scheme.
- 🏴‍☠️ Bqtlock has just published a new victim: European Business Server Cluster: www.bizoneo.com www.bizosoft.eu meeting.wandsoft.com dataprotectionact.ie bizoneo.com www.bizoneo.eu…
- 🏴‍☠️ Play has just published a new victim: NEAS: Canada
- 🏴‍☠️ Play has just published a new victim: RHI Supply: United States
- 🏴‍☠️ Play has just published a new victim: CFI Tire Service: United States
- 🏴‍☠️ Cloak has just published a new victim: Wstg-steuerberater.de: For over thirty years, Frank Hoffmann and Stephan Hofmann have reliably served clients on the Rhine and Ruhr and from the Bergisches Land.
- 🏴‍☠️ Everest has just published a new victim: Viking Automation: [AI generated] N/A
- 🏴‍☠️ Sinobi has just published a new victim: Dyson Corp.: Dyson Corporation is a prominent supplier of large diameter, domestic fasteners and forges tailored primarily for the heavy construction, military, marine, aerospace, and energy sectors.
- 🏴‍☠️ Lynx has just published a new victim: Drive & Shine: Drive & Shine is a premier car care service that offers express car washes, interior cleaning, detailing, and oil changes at locations in Michigan and Indiana.
- 🏴‍☠️ Safepay has just published a new victim: mauilodging.com: [AI generated] MauiLodging.com is a property rental service company based in Maui, Hawaii.
- 🏴‍☠️ Qilin has just published a new victim: CIMEXSTEEL.CZ: The Czech holding company CS STEEL a.s. manufactures and sells metal structures for private and public sector clients.
- KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series: A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker.