Ransomware Update – 2025-08-19

[Content by Gemini 2.5]

Latest Ransomware News and New File Extensions

  • RansomExx:

    • New Encrypted File Extension: Not specified in the article.
    • Attack Methods: Exploiting a now-patched privilege escalation vulnerability in Microsoft Windows Common Log File System (CLFS), identified as CVE-2025-29824, to deploy the PipeMagic malware.
    • Targets: Microsoft Windows systems within organizations.
    • Decryption Status: No known public decryption tool is mentioned.
    • Source: Article titled “Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware”.
  • Multiple Ransomware Groups (via Leak Sites):

    • New Encrypted File Extension: Not specified in the announcements.
    • Attack Methods: Data exfiltration for double extortion, as evidenced by victim announcements on their dedicated leak sites.
    • Targets: A diverse range of international organizations across multiple sectors, including:
      • Qilin: Inotiv, Inc. (US Contract Research Organization), Uganda Electricity Transmission Company, APDerm (US healthcare), and Welcome Financial Group (Korean finance).
      • Safepay: Alberta Industrial Controls (Canada), Listgrove Limited (UK), TransElectric (Israel), Bateman Groundworks (UK), and Godby Hearth & Home (US).
      • Ransomhouse: Maxell Asia (Japanese technology company).
      • Other Active Groups: Warlock, Crypto24, Sinobi, Beast, Gunra, Direwolf, Killsec, and Everest also announced new victims from various industries.
    • Decryption Status: No information on decryption tools provided; the focus of these posts is on publicizing data breaches.
    • Source: Various ransomware leak site monitoring feeds.

Observations and Further Recommendations

  • A high volume of ransomware attacks is being reported through data leak sites. Groups like Qilin, Safepay, and Ransomhouse are actively naming victims from diverse global industries, confirming that the data-exfiltration-for-extortion model remains a dominant tactic.
  • Threat actors continue to leverage known, albeit recently patched, vulnerabilities. The RansomExx campaign’s use of a Windows CLFS flaw (CVE-2025-29824) underscores the critical importance of timely patch management to close security gaps before they can be exploited.
  • Organizations should prioritize the rapid application of security patches for critical vulnerabilities. Employing robust endpoint detection and response (EDR) solutions can help identify and stop malicious activity post-exploitation but before ransomware is fully deployed.

News Details

  • Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware: Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks. The attacks involve the exploitation of CVE-2025-29824, a privilege escalation vulnerability impacting the Windows Common Log File System (CLFS) that was addressed by Microsoft in April 2025.

  • 🏴‍☠️ Ransomhouse has just published a new victim: Maxell Asia: Maxell is a Japanese group company founded in 1961, renowned for developing innovative, high-value-added products leveraging its core analog technologies such as mixing and dispersion, precision coating, and high-precision molding.

  • 🏴‍☠️ Qilin has just published a new victim: Inotiv, Inc: Inotiv, Inc. is a publicly traded US contract research organization (CRO) that provides nonclinical and analytical drug discovery and development services to the pharmaceutical and medical device industries.

  • 🏴‍☠️ Safepay has just published a new victim: albertaindustrialcontrols.com: Alberta Industrial Controls & Drives Inc., based in Edmonton, Alberta, is a reputable distributor of industrial electronic controls and motors …

  • 🏴‍☠️ Crypto24 has just published a new victim: Palmgold Management Sdn Bhd: We have exfiltrated over 500GB of most sensitive and business-critical data from palmgold’s internal network. This includes data from both the Casino Division and the Credit Division…