Latest Ransomware News and New File Extensions
Qilin:
- New Encrypted File Extension: Not specified.
- Attack Methods: Not specified.
- Targets: Graphite Construction Group (US Construction), Eco Demolizioni (Italian Demolition), Ganadería Revuelta (Mexican Beef Producer).
- Decryption Status: No known decryptor; victims’ data was published on the group’s leak site.
- Source: Not provided.
Dragonforce:
- New Encrypted File Extension: Not specified.
- Attack Methods: Not specified.
- Targets: Dottori Commercialisti Associati (Italian Consulting), George Haney & Son (US HVAC), Selartex (French Textiles), GEA Consulting Engineers (US Engineering).
- Decryption Status: No known decryptor; victims’ data was published on the group’s leak site.
- Source: Not provided.
Other Active Groups (Worldleaks, Interlock, Incransom):
- New Encrypted File Extension: Not specified.
- Attack Methods: Not specified.
- Targets: Prosegur (Global Security, by Worldleaks), Wier Boerner Allin (US Architecture, by Interlock), Quadrangle Imaging Center (US Healthcare, by Incransom).
- Decryption Status: No known decryptor; victims’ data was published on the groups’ respective leak sites.
- Source: Not provided.
Observations and Further Recommendations
- Multiple ransomware groups, including Qilin and Dragonforce, have been actively publishing victims on their leak sites, indicating successful breaches where ransoms were likely not paid.
- The attacks targeted a diverse range of small to large businesses across various sectors (construction, security, consulting, engineering, healthcare) and geographic locations (US, Europe, Mexico), highlighting the broad and opportunistic nature of these threats.
- While specific attack vectors for these incidents are not detailed, other cybersecurity news points to active exploitation of known software vulnerabilities and cloud infrastructure.
- Organizations are advised to maintain robust security measures, including timely patching of systems, securing cloud environments, implementing multi-factor authentication, and ensuring they have reliable, offline data backups.
News Details
- GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets: Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining infrastructure. The first set of attacks entails the exploitation of CVE-2024-36401 (CVSS score: 9.8), a critical
- Murky Panda hackers exploit cloud trust to hack downstream customers: A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers.
- APT36 hackers abuse Linux .desktop files to install malware in new attacks: The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India.
- They’re trying to make deep-sea mining happen: A protest in Netherlands. This is The Stepback, a weekly newsletter breaking down one essential story from the tech world. For more on deep-sea mining and critical minerals, follow Justine Calma.
- The most fun way to look through old photos: Hi, friends! Welcome to Installer No. 95, your guide to the best and Verge-iest stuff in the world. (If you’re new here, welcome, new gadget season is starting, and also you can read all the old editions at the Installer homepage.)
- Bose’s compact TV Speaker is more than $100 off right now: If you’re looking to upgrade your movie night, a soundbar is an easy way to beef up the audio. While there are some high-priced options out there, you don’t have to spend a lot to actually hear a movie’s dialog. Right now, the Bose TV Speaker is down to $163.45 (about $115 off) at Amazon, the lowest price we’ve seen yet.
- What’s on your desk, Dominic Preston?: Not all of The Verge’s staff live in the US. For example, news editor Dominic Preston is based in London and is, as he says, “responsible for keeping our news coverage ticking over in UK mornings before the US team comes online.” He also curates our new Verge Daily newsletter and covers Android phones, especially all the models that don’t launch in the US.
- The Fairphone 6 no longer feels like a compromise (except in the US): The Fairphone 6 arrives almost two years after the 5, a testament to the company’s approach to the upgrade cycle. If anything, I suspect the company would be frustrated if Fairphone 5 owners were considering a new model already – these are phones to keep, to repair, and to hold on to until the bitter end.
- Ninja Gaiden: Ragebound is a perfect reimagining of the classic series: Ninja Gaiden is having a renaissance. The last mainline entry was originally released more than a decade ago, but by the end of 2025, there will be three new Ninja Gaiden titles.
- Will Trump help 4Chan escape the UK’s internet police?: After the United Kingdom began enforcing its sweeping Online Safety Act in April, British regulator Ofcom served violation notices to three notorious sites: 4chan, Gab, and Kiwi Farms, each of which risked multimillion-dollar fines. Late last week, Preston Byrne, a First Amendment lawyer representing them, struck back.
- Apple accuses former Apple Watch staffer of conspiring to steal trade secrets for Oppo: Apple is suing a former employee on the Apple Watch team who left to join Oppo, alleging that he “conspired to steal Apple’s trade secrets relating to Apple Watch and to disclose them to his new employers.”
- US government takes 10 percent stake in Intel in exchange for money it was already on the hook for: The US is investing $8.9 billion into Intel, but most of the funds come from money that the government was supposed to pay the embattled chipmaker anyway. In an announcement on Friday, Intel said the federal government will fund its investment using the remaining $5.7 billion in grants it hasn’t yet received under the Biden administration’s CHIPS Act, in addition to the $3.2 billion received as part of the Secure Enclave program.
- Netflix wants its partners to follow these rules when using gen AI: Netflix has already faced backlash over the use of AI in What Jennifer Did, director Jenny Popplewell’s 2024 true crime documentary that seemingly used AI-generated images in place of real archival photos. Now the streamer is taking steps to avoid similar problems.
- Silk Typhoon Attacks North American Orgs in the Cloud: A Chinese APT is going where most APTs don’t: deep into the cloud, compromising supply chains and deploying uncommon malware.
- ReVault Flaw Exposed Millions of Dell Laptops to Malicious Domination: A bug in the control board that connects peripheral devices in commonly used Dell laptops allowed malicious access all the way down to the firmware running on the device chip, new research finds.
- Apple Intelligence Is Picking Up More User Data Than Expected, Researcher Finds: Music tastes, location information, even encrypted messages — Apple’s servers are gathering a “surprising” amount of personal data through Apple Intelligence, Lumia Security’s Yoav Magid warns in his new analysis.
- Interpol Arrests Over 1K Cybercriminals in ‘Operation Serengeti 2.0’: The operation disrupted countless scams, and authorities seized a significant amount of evidence and recovered nearly $100 million in lost funds.
- 🏴☠️ Qilin has just published a new victim : Graphite Construction Group: Graphite Construction Group is a commercial construction company that provides exceptional service and innovative design solutions that exceed expectations for quality construction. It is Central Iowa’s fastest-growing contractor.
- 🏴☠️ Worldleaks has just published a new victim : Prosegur: [AI generated] Prosegur is a global security company based in Spain. It offers a wide range of services including cash in transit, alarm monitoring, consulting, and security maintenance.
- 🏴☠️ Dragonforce has just published a new victim : Dottori Commercialisti Associati: (including financial documentation and client data) DCA – Dottori Commercialisti Associati is a professional association founded by members with over 20 years of experience in tax and corporate consulting.
- 🏴☠️ Dragonforce has just published a new victim : George Haney & Son: George Haney & Son Inc is a family-owned HVAC contractor based in Pasadena, CA, providing services to the San Fernando and San Gabriel Valleys.
- 🏴☠️ Dragonforce has just published a new victim : Selartex: Selartex is a prominent wholesaler of home textiles in France, boasting over 35 years of experience. The company specializes in offering a wide range of home linen products.
- 🏴☠️ Dragonforce has just published a new victim : GEA Consulting Engineers: (including financial documentation and client data) Founded in 1996, GEA Consulting Engineers is an engineering firm specializing in the design of mechanical, electrical, plumbing and fire protection systems for other businesses in the area.
- 🏴☠️ Qilin has just published a new victim : www.ecodemolizionisrl.com: Eco Demolizioni, Italy – the company deals with demolition of large buildings, quarrying, reclamation, beach cleaning etc.
- 🏴☠️ Qilin has just published a new victim : Inicio – Ganadería Revuelta: Inicio – Ganadería Revuelta, Mexico – the company produces beef. It has its own production chain, which includes: feedlots, slaughterhouse, packing factory and finished product factory.
- 🏴☠️ Interlock has just published a new victim : Wier Boerner Allin: WBA provides comprehensive architecture, interior design, and planning services that are both sensible and artful, tailored to a variety of design challenges.
- 🏴☠️ Incransom has just published a new victim : Quadrangle Imaging Center: Patients’ personal data and related medical information. Information for organizing appointments and feedback. Accounting and finance.