Ransomware Update – 2025-08-14

[Content by Gemini 2.5]

Latest Ransomware News and New File Extensions

  • Charon Ransomware:

    • New Encrypted File Extension: Not specified in the article.
    • Attack Methods: Employs advanced persistent threat (APT) level tactics, including DLL side-loading, process injection, and other evasion techniques.
    • Targets: Public sector and aviation industry organizations in the Middle East.
    • Decryption Status: No information on decryption tools is available.
    • Source: [URL not provided in source data]
  • Akira Ransomware:

    • New Encrypted File Extension: Not specified in the leak announcements.
    • Attack Methods: Data exfiltration for double extortion. The group announced data leaks from multiple victims.
    • Targets: Diverse corporate entities, including law firms (Rusin Law, Litchfield Cavo LLP), a digital services company (FranceLink), and an industrial holding company (Cevital).
    • Decryption Status: No decryption information provided; the focus is on public data leaks.
    • Source: [URL not provided in source data]
  • Qilin Ransomware:

    • New Encrypted File Extension: Not specified in the leak announcements.
    • Attack Methods: Data exfiltration and extortion, with public announcements of new victims.
    • Targets: A wide range of sectors, including healthcare (Charak Center for Health), education (Belle Vernon Area School District), construction, logistics, and finance.
    • Decryption Status: No decryption information available.
    • Source: [URL not provided in source data]
  • Sinobi Ransomware:

    • New Encrypted File Extension: Not specified in the leak announcements.
    • Attack Methods: Data exfiltration and extortion-based attacks.
    • Targets: Broad range of industries, including healthcare (Comprehensive Pain Centers), IT support (One Way Solutions), manufacturing (Hygrade Components), and engineering (ECM Consultants).
    • Decryption Status: No decryption information available.
    • Source: [URL not provided in source data]

Observations and Further Recommendations

  • A significant number of ransomware groups (Akira, Qilin, Sinobi, Beast, Anubis, Interlock, Runsomewares and others listed under News Details) are running the data exfiltration and leak model (double extortion): the leak-site post itself is the pressure applied to the victim, and none of the announcements carries decryption information.
  • The targets are highly varied, spanning healthcare, legal, government, construction, technology, and finance, indicating that no industry is immune to these attacks.
  • The emergence of new ransomware families like Charon, which uses APT-like tradecraft (DLL side-loading, process injection and related evasion techniques) against public sector and aviation targets, shows that ransomware operators keep adopting methods once associated with state-sponsored intrusions.
  • Several critical vulnerabilities in Internet-exposed management and security appliances are being exploited or have public exploit code: two N-able N-central flaws were added to CISA's Known Exploited Vulnerabilities catalog on evidence of active exploitation, and Fortinet's FortiSIEM CVE-2025-25256 (CVSS 9.8, unauthenticated command injection) has exploit code in the wild. Fortinet SSL VPN devices also saw a brute-force spike that then shifted to FortiManager, a pattern that has historically preceded new vulnerability disclosures. Patching these perimeter and RMM systems should be prioritized over the rest of the August updates.
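The brute-force wave against Fortinet SSL VPNs described under News Details below (a spike in login attempts, then a shift to FortiManager) is the kind of activity that also shows up in a defender's own gateway logs as repeated SSL VPN login failures from the same source. The detector that follows is an added example for this digest, not code from the page or from Fortinet: it parses FortiGate-style key=value event records, keeps a sliding window of `action="ssl-login-fail"` events per source IP, and reports sources that cross a threshold inside the window together with how many distinct usernames they tried, since a spray across many accounts looks different from one user mistyping a password. The sample records are constructed; the field names (date, time, action, remip, user, reason) and the login-fail log ID are assumptions taken from the FortiGate event-log format and should be checked against the FortiOS release actually in use.

```python
"""Flag brute-force sources in FortiGate SSL VPN login-failure logs.

Added example for this digest; it is not code from Fortinet or from the page.
The records below are constructed in the shape of FortiGate event logs for
"SSL VPN login fail" (action="ssl-login-fail"); the field names used
(date, time, action, remip, user, reason) are assumed from that format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_fortigate_line(line: str) -> dict:
    """Split a FortiGate key=value log record into a dict of string values."""
    fields = {}
    for m in KV_RE.finditer(line):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else raw
    return fields


def detect_ssl_vpn_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {remip: {"failures": n, "distinct_users": k}} for every source IP
    that produced at least `threshold` ssl-login-fail events within any span of
    `window`. Records with any other action (or none) are ignored."""
    failures = defaultdict(list)
    for line in lines:
        f = parse_fortigate_line(line)
        if f.get("action") != "ssl-login-fail":
            continue
        ts = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
        failures[f["remip"]].append((ts, f.get("user", "")))

    offenders = {}
    for ip, events in failures.items():
        events.sort()
        recent = deque()  # sliding window of (timestamp, user) within `window`
        for ts, user in events:
            recent.append((ts, user))
            while ts - recent[0][0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                offenders[ip] = {
                    "failures": len(events),
                    "distinct_users": len({u for _, u in events}),
                }
                break
    return offenders


def _fail_record(time, remip, user, reason="sslvpn_login_unknown_user"):
    # Constructed sample record laid out like a FortiGate "SSL VPN login fail" event.
    return (f'date=2025-08-13 time={time} logid="0101039426" type="event" '
            f'subtype="vpn" level="alert" vd="root" logdesc="SSL VPN login fail" '
            f'action="ssl-login-fail" tunneltype="ssl-web" remip={remip} '
            f'user="{user}" group="N/A" reason="{reason}" '
            f'msg="SSL user failed to logged in"')


# 203.0.113.7 (TEST-NET-3) makes six failed attempts against five usernames in
# 26 seconds; 198.51.100.20 is a real user who mistyped a password twice, ten
# minutes apart, and must not be flagged with the default thresholds.
SAMPLE_LOGS = [
    _fail_record("08:00:01", "203.0.113.7", "admin"),
    _fail_record("08:00:05", "203.0.113.7", "root"),
    _fail_record("08:00:09", "203.0.113.7", "test"),
    _fail_record("08:00:14", "203.0.113.7", "vpn"),
    _fail_record("08:00:20", "203.0.113.7", "guest"),
    _fail_record("08:00:27", "203.0.113.7", "admin", "sslvpn_login_permission_denied"),
    _fail_record("08:02:10", "198.51.100.20", "jdoe", "sslvpn_login_permission_denied"),
    _fail_record("08:11:45", "198.51.100.20", "jdoe", "sslvpn_login_permission_denied"),
    # Unrelated traffic record: no action="ssl-login-fail", so it is skipped.
    'date=2025-08-13 time=08:12:00 type="traffic" subtype="forward" srcip=198.51.100.20 '
    'dstip=192.0.2.10 action="accept" msg="traffic allowed"',
]

if __name__ == "__main__":
    for ip, info in detect_ssl_vpn_bruteforce(SAMPLE_LOGS).items():
        print(f"{ip}: {info['failures']} failures, {info['distinct_users']} usernames")
```

The threshold and window are deliberately conservative defaults; tune them against a week of your own logs before alerting on them, and treat a high distinct-user count from one source as the stronger signal, since that is what a credential spray looks like and what a single locked-out employee does not.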

News Details

  • Have You Turned Off Your Virtual Oven?: You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting – a break-in, fire, or worse.
  • New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits: Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil.
  • Simple Steps for Attack Surface Reduction: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencing™ can eliminate entire categories of risk.
  • Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses: Google said it’s implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishing apps in 15 jurisdictions in order to “ensure a safe and compliant ecosystem for users.”
  • CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
  • New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks: Cybersecurity researchers have discovered a new malvertising campaign that’s designed to infect victims with a multi-stage malware framework called PS1Bot.
  • Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws: Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.
  • Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code: Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0.
  • AI SOC 101: Key Capabilities Security Leaders Need to Know: Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context.
  • Webinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive: The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work. But here’s the uncomfortable truth: Attackers are evolving just as fast.
  • Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws: Microsoft on Tuesday rolled out fixes for 111 security flaws across its software portfolio, including one Kerberos flaw that was already publicly known at the time of release.
  • Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics: Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry.
  • Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks: New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident.
  • Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager: Cybersecurity researchers are warning of a “significant spike” in brute-force traffic aimed at Fortinet SSL VPN devices.
  • Leak: OpenAI’s browser will use ChatGPT Agent to control the browser: OpenAI is building an agentic future with its upcoming Chromium-based browser, and a new leak confirms ChatGPT Agent integration.
  • CISA warns of N-able N-central flaws exploited in zero-day attacks: CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N-able’s N-central remote monitoring and management (RMM) platform.
  • Microsoft fixes Windows 11 24H2 updates failing with 0x80240069 error: Microsoft has resolved a known issue preventing the August 2025 Windows 11 24H2 cumulative update from being delivered via Windows Server Update Services (WSUS).
  • Google Gemini’s Deep Research is finally coming to API: Google Gemini’s one of the most powerful features is Deep Research, but up until now, it has been strictly limited to the Gemini interface. This could change soon.
  • OpenAI relaxes GPT-5 rate limit, promises to improve the personality: OpenAI is slowly addressing all concerns around GPT-5, including rate limits and now its personality, which has been criticized for being less affirmative.
  • Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild: Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates.
  • Windows 11 24H2 updates failing again with 0x80240069 errors: The KB5063878 Windows 11 24H2 cumulative update, released earlier this week, fails to install on some systems according to widespread reports from Windows administrators.
  • New downgrade attack can bypass FIDO auth in Microsoft Entra ID: Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking.
  • Spike in Fortinet VPN brute-force attacks raises zero-day concerns: A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new vulnerability disclosures.
  • Pennsylvania attorney general’s email, site down after cyberattack: The Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and email accounts.
  • Microsoft removes PowerShell 2.0 from Windows 11, Windows Server: Microsoft will remove PowerShell 2.0 from Windows starting in August, eight years after announcing its deprecation and keeping it around as an optional feature.
  • Microsoft asks users to ignore certificate enrollment errors: Microsoft has asked customers this week to disregard incorrect CertificateServicesClient (CertEnroll) errors that appear after installing the July 2025 preview update and subsequent Windows 11 24H2 updates.
  • OpenAI adds new GPT-5 models, restores o3, o4-mini and it’s a mess all over again: One of the few things many disliked about ChatGPT was the confusing number of models. OpenAI claimed GPT-5 would fix this, but it seems to have made it worse.
  • Everything we think we know about the Google Pixel 10 phones: Google is readying its next set of hardware announcements, and has already confirmed that the Pixel 10 series is launching this month. We even know what two of the phones look like, thanks to official teasers from Google.
  • Cowboy’s e-bikes granted a second life: After months of speculation over the e-bike maker’s imminent demise, Cowboy says it now has the financial backing it needs to survive. The Brussels-based maker of boutique e-bikes says it has secured short-term financing to keep the lights on and a commitment from Rebirth Group Holding that should “ensure its long-term future.”
  • Tesla’s graphics are about to get Unreal: Tesla’s in-car visualizations for features like Autopilot and Full Self-Driving might be getting an upgrade with a switch to Epic Games’ Unreal Engine. As reported by Not a Tesla App, Tesla hacker greentheonly says they found evidence of the change in Tesla’s 2025.20 firmware for Tesla Model S and Model X cars with AMD chips.
  • Kodak says it’ll figure things out and won’t shut down: In a regulatory filing on Monday, Kodak warned investors that the 133-year-old photography company didn’t have the financing it would need to pay around $500 million of debt obligations that were coming due, raising doubts about the company’s ability to continue.
  • Stripe apologizes for customer service agents claiming LGBTQ products were banned: Stripe, a financial services company that acts as a payment processor for millions of businesses including itch.io, has issued an apology following reports that members of its support team told callers the business does not support the sale of LGBTQ content.
  • Is Amazon testing a cheaper color Kindle?: A Reddit user, writing in Portuguese, has shared a handful of images of what appears to be a prototype of a small Kindle with a color screen. The device shows the name Kindle Petit Color in the corner of one image, although the post author says that name hasn’t been finalized yet.
  • Microplastics are everywhere — including in the air around plastic treaty negotiations: Thousands of delegates have descended upon Geneva this week for what’s supposed to be the culmination of years of negotiations that, if successful, are supposed to end in a groundbreaking global plastics treaty. They might be breathing in the very thing they’re trying to clean up as they negotiate.
  • Apple’s plan for AI could make Siri the animated center of your smart home: Apple is developing a bunch of products and features to deliver its vision of AI, including multiple robots, a smart home display, and a revamped version of Siri with new technology powering it, according to an extensive report from Bloomberg.
  • Another Pixel 10 leak points to wireless Qi2 charging: We’re just one week away from Google’s Pixel 10 launch event, but the steady stream of leaks shows no sign of stopping. Now, new leaked images shared by Dutch outlet NieuweMobiel show what looks like Google’s rumored “Pixelsnap” cases with a ring in the center, hinting at support for the Qi2 wireless charging standard.
  • Starlink Mini users just lost their beloved pause feature: Starlink now charges $5 a month to pause its high-speed, low-latency internet service, a feature that used to be available for free. It affects Roam, Residential, and Priority subscribers in the US, most of Europe, and Canada, with many exceptions.
  • CISA and Partners Release Asset Inventory Guidance to Strengthen Operational Technology Security: [No introductory text provided]
  • North Korea Attacks South Koreans With Ransomware: DPRK hackers are throwing every kind of malware at the wall and seeing what sticks, deploying stealers, backdoors, and ransomware all at once.
  • Fortinet Products Are in the Crosshairs Again: The company disclosed a critical FortiSIEM flaw with a PoC exploit for it the same week researchers warned of an ominous surge in malicious traffic targeting the vendor’s SSL VPNs.
  • Whispers of XZ Utils Backdoor Live on in Old Docker Images: Developers maintaining the images made the “intentional choice” to leave the artifacts available as “a historical curiosity,” given the improbability they’d be exploited.
  • Popular AI Systems Still a Work-in-Progress for Security: According to a recent Forescout analysis, open source models were significantly less successful in vulnerability research than commercial and underground models.
  • Patch Now: Attackers Target OT Networks via Critical RCE Flaw: Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastructure and OT development.
  • What the LockBit 4.0 Leak Reveals About RaaS Groups: The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don’t prepare are going to face uncertainty caused by the lack of attackers’ accountability.
  • How an AI-Based ‘Pen Tester’ Became a Top Bug Hunter on HackerOne: AI researcher explains how an automated penetration-testing tool became the first non-human member on HackerOne to reach the top of the platform’s US leaderboard.
  • China Questions Security of AI Chips From NVIDIA, AMD: The US banned the sale of AI chips to China and then backed off. Now, Chinese sources are calling on NVIDIA to prove its AI chips have no backdoors.
  • Elevation-of-Privilege Vulns Dominate Microsoft’s Patch Tuesday: The company’s August security update consisted of patches for 111 unique Common Vulnerabilities and Exposures (CVEs).
  • 🏴‍☠️ Akira has just published a new victim : Rusin Law: Rusin Law is a premier civil litigation defense firm specializing in workers’ compensation cases. Their services encompass a wide array of legal disciplines, including civil litigation, insurance defense, employment law, and more.
  • 🏴‍☠️ Beast has just published a new victim : Manhattan Retirement Foundation: Continuing Care Retirement Community in Manhattan, Kansas, serving Manhattan and the surrounding communities and providing Independent Living, Assisted Living, Healthcare and Transitional Care services.
  • 🏴‍☠️ Beast has just published a new victim : Barbas Nunez Sanders Butler & Hovsepian: Barbas, Nunez, Sanders, Butler & Hovsepian is a law firm based in Tampa, Florida, specializing in workers’ compensation, personal injury, and social security disability claims.
  • 🏴‍☠️ J has just published a new victim : ap.com: [No introductory text provided]
  • 🏴‍☠️ Sinobi has just published a new victim : Comprehensive Pain Centers: We operate on a wellness-based system. We offer you medical care services that are local to your community at your work site, educational institution, senior care facility, mall, etc.
  • 🏴‍☠️ Sinobi has just published a new victim : J Derenzo: J. Derenzo Co. has been one of New England’s premier site work contractors for over 75 years. The team’s experience ranges from large scale rural site clearing to some of the most complex, tight-site, deep hole excavations in downtown Boston.
  • 🏴‍☠️ Sinobi has just published a new victim : One Way Solutions: Company is dedicated to taking the worry out of IT by providing outstanding computer support to Dental and Healthcare practices throughout Texas.
  • 🏴‍☠️ Sinobi has just published a new victim : TELACU College: TELACU is a comprehensive organization focused on community development through various services such as construction management, real estate development, and financial services.
  • 🏴‍☠️ Sinobi has just published a new victim : ECM Consultants: ECM Consultants is an engineering, architectural, and construction management firm headquartered in Metairie, Louisiana serving the entire United States.
  • 🏴‍☠️ Anubis has just published a new victim : Advanced HPC: Leakage of internal documents at a company engaged in the development and implementation of HPC systems for science and defence.
  • 🏴‍☠️ Qilin has just published a new victim : Charak Center for Health: Charak Health and Wellness Center, USA: an organization providing mental health services and treatment for alcoholism and drug addiction.
  • 🏴‍☠️ Qilin has just published a new victim : ffs.com: Flavor & Fragrance Specialties is now a Lucta brand specializing in flavorings for coffee and other beverages.
  • 🏴‍☠️ Runsomewares has just published a new victim : Coös County Family Health: Coös County Family Health Services has provided comprehensive office-based primary care services for more than 10 years.
  • 🏴‍☠️ Akira has just published a new victim : FranceLink: Francelink is a company specializing in website creation, hosting, and digital transition support.
  • 🏴‍☠️ Akira has just published a new victim : Cevital: Founded in 1998 and headquartered in Algiers, Algeria, Cevital is a holding company with interests in food-processing and mass distribution industry to electronics and domestic appliances, the iron and steel industry, the flat glass industry, industrial construction, the automobile industry, services, and the media.
  • 🏴‍☠️ Qilin has just published a new victim : Ahtna Incorporated: Ahtna Inc., provides construction and integrated services. The company is headquartered in Glennallen, Alaska.
  • 🏴‍☠️ Akira has just published a new victim : Litchfield Cavo LLP: Litchfield Cavo LLP is a premier coverage and litigation defense law firm founded in 1998 on one principal – client service comes first.
  • 🏴‍☠️ Interlock has just published a new victim : Box Elder County: Box Elder County is a county in the northwestern part of the state of Utah, USA. Located in the northern part of the state, the county is a place for wildlife viewing and recreation of all kinds.
  • Microsoft Patch Tuesday, August 2025 Edition: Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.
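The leak-site announcements above (the 🏴‍☠️ entries) arrive as one line per victim and are the raw material behind the double-extortion tally in the Observations section. As an added example, not part of the original digest and not the code of any tracking service, the following parses such lines into (group, victim, description) records, counts victims per group, and diffs two batches so that only newly posted victims are reported. The sample feed reproduces the announcements on this page with shortened descriptions and one unrelated headline mixed in; the only format assumption is the "has just published a new victim :" phrasing.

```python
"""Parse ransomware leak-site announcements into structured records.

Added example for this digest, not code from the page or from any tracker.
The feed lines are the announcements quoted on this page with shortened
descriptions; the 'has just published a new victim' phrasing is the only
format assumption the parser relies on.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample feed (descriptions shortened). One non-leak headline is
# mixed in to show that unrelated lines are skipped rather than mis-parsed.
SAMPLE_FEED = """\
🏴‍☠️ Akira has just published a new victim : Rusin Law: Civil litigation defense firm.
🏴‍☠️ Beast has just published a new victim : Manhattan Retirement Foundation: Continuing care retirement community in Kansas.
🏴‍☠️ Beast has just published a new victim : Barbas Nunez Sanders Butler & Hovsepian: Law firm based in Tampa, Florida.
🏴‍☠️ J has just published a new victim : ap.com: [No introductory text provided]
🏴‍☠️ Sinobi has just published a new victim : Comprehensive Pain Centers: Wellness-based medical care services.
🏴‍☠️ Sinobi has just published a new victim : J Derenzo: New England site work contractor.
🏴‍☠️ Sinobi has just published a new victim : One Way Solutions: IT support for dental and healthcare practices in Texas.
🏴‍☠️ Sinobi has just published a new victim : TELACU College: Community development organization.
🏴‍☠️ Sinobi has just published a new victim : ECM Consultants: Engineering and construction management firm.
🏴‍☠️ Anubis has just published a new victim : Advanced HPC: HPC systems for science and defence.
🏴‍☠️ Qilin has just published a new victim : Charak Center for Health: Mental health and addiction treatment.
🏴‍☠️ Qilin has just published a new victim : ffs.com: Flavor & Fragrance Specialties, a Lucta brand.
🏴‍☠️ Runsomewares has just published a new victim : Coös County Family Health: Primary care services.
🏴‍☠️ Akira has just published a new victim : FranceLink: Website creation and hosting.
🏴‍☠️ Akira has just published a new victim : Cevital: Algerian industrial holding company.
🏴‍☠️ Qilin has just published a new victim : Ahtna Incorporated: Construction and integrated services, Alaska.
🏴‍☠️ Akira has just published a new victim : Litchfield Cavo LLP: Coverage and litigation defense law firm.
🏴‍☠️ Interlock has just published a new victim : Box Elder County: County in northwestern Utah.
Microsoft Patch Tuesday, August 2025 Edition: fixes for more than 100 security flaws.
"""


@dataclass(frozen=True)
class LeakPost:
    group: str
    victim: str
    description: str


# Leading non-word characters absorb the pirate-flag emoji and whitespace.
# The victim name ends at the first ": " because descriptions follow that
# separator in this feed; a victim name containing ": " would be truncated.
LEAK_RE = re.compile(
    r"^\W*(?P<group>.+?) has just published a new victim\s*:\s*"
    r"(?P<victim>.+?)(?:\s*:\s*(?P<desc>.*))?$"
)


def parse_feed(text: str) -> list[LeakPost]:
    """Return one LeakPost per announcement line; other lines are ignored."""
    posts = []
    for line in text.splitlines():
        m = LEAK_RE.match(line.strip())
        if not m:
            continue
        posts.append(LeakPost(m["group"].strip(), m["victim"].strip(),
                              (m["desc"] or "").strip()))
    return posts


def victims_per_group(posts: list[LeakPost]) -> Counter:
    """How many victims each group posted in this batch."""
    return Counter(p.group for p in posts)


def new_posts(previous: list[LeakPost], current: list[LeakPost]) -> list[LeakPost]:
    """Posts in `current` not already seen in `previous`, keyed on (group, victim),
    so a re-post of the same victim by the same group is not counted twice."""
    seen = {(p.group, p.victim) for p in previous}
    return [p for p in current if (p.group, p.victim) not in seen]


if __name__ == "__main__":
    posts = parse_feed(SAMPLE_FEED)
    for group, n in victims_per_group(posts).most_common():
        print(f"{group:>12}: {n}")
```

Run as a script it prints the per-group tally for this day's batch (Sinobi 5, Akira 4, Qilin 3, Beast 2, one each for the rest). In practice `new_posts` would be fed yesterday's parsed batch so that re-posts do not inflate the count, and victim names should be normalised (case, punctuation, legal suffixes) before comparison, because leak sites are not consistent about them.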