Ransomware Update – 2025-08-31

[Content by Gemini 2.5]

Latest Ransomware News and New File Extensions

  • Qilin:

    • New Encrypted File Extension: Not specified in the provided news.
    • Attack Methods: Not specified; victims are listed on their data leak site.
    • Targets: Various sectors including oil & gas (L&S Proline, USA), technology (Tecnología Especializada Asociada de México), education (ESIC University, Spain; Atlanta Neighborhood Charter School, USA), landscaping (All Phase Landscape, USA), labor unions (IBEW Local 1547, USA), and publishing (Ogden Publications, USA).
    • Decryption Status: No known public decryptor available.
    • Source: Source URL not provided in the input.

  • Dragonforce:

    • New Encrypted File Extension: Not specified in the provided news.
    • Attack Methods: Not specified; victims are listed on their data leak site, with claims of exfiltrating financial documents and client data.
    • Targets: Diverse industries including manufacturing (Engineered Components, USA; Provalve Armaturen, Germany), wireless distribution (ABM Wireless INC, USA), building supply (Hilco Metal Building, USA), hospitality (Park Country Club, USA), and community health (Toowoomba Friendly Society Dispensary).
    • Decryption Status: No known public decryptor available.
    • Source: Source URL not provided in the input.

  • Safepay:

    • New Encrypted File Extension: Not specified in the provided news.
    • Attack Methods: Not specified; victims are listed on their data leak site.
    • Targets: A wide range of international organizations, including property management (Sanderson Management, USA), cosmetics (Lipcare, Germany), home-care services (Companions & Homemakers, USA), commerce bodies (Chamber of Commerce of Valencia, Spain), education (Dasmesh Punjabi School, Canada), architecture (Zanetti S.r.l., Italy), non-profits (United Way Chatham-Kent, Canada), manufacturing (Hardwick Tactical, USA), religious organizations (Temple Emanu-El, USA), and hospitality (The Celeste Hotel, USA).
    • Decryption Status: No known public decryptor available.
    • Source: Source URL not provided in the input.

  • Desolator:

    • New Encrypted File Extension: Not specified in the provided news.
    • Attack Methods: Not specified; victims are listed on their data leak site with an expiration date for data publication.
    • Targets: Tri Thuc Software and Construcciones Sala.
    • Decryption Status: No known public decryptor available.
    • Source: Source URL not provided in the input.

  • Incransom:

    • New Encrypted File Extension: Not specified in the provided news.
    • Attack Methods: Not specified; a new victim was published on their leak site.
    • Targets: Healthcare sector (OB GYN Associates, USA).
    • Decryption Status: No known public decryptor available.
    • Source: Source URL not provided in the input.

Observations and Further Recommendations

  • Multiple ransomware groups, including Qilin, Dragonforce, Safepay, Desolator, and Incransom, remain highly active, publishing numerous victims on their data leak sites.
  • The attacks demonstrate a global reach, targeting organizations in the USA, Canada, Mexico, Spain, Germany, and Italy.
  • A wide variety of sectors are being targeted, with no single industry being immune. Victims include entities in healthcare, education, manufacturing, government, technology, and oil & gas.
  • The broad and indiscriminate nature of these attacks underscores the importance for all organizations to implement robust cybersecurity measures, including regular data backups, multi-factor authentication, employee security training, and timely software patching.

News Details

  • 🏴‍☠️ Qilin has just published a new victim : L&S Proline: L&S Proline, USA – Drill, baby, drill! L&S Proline is a full-service company specializing in solutions for the oil and gas industry, offering a range of products and services, including measurement control equipment, structural fabrication, a …
  • 🏴‍☠️ Qilin has just published a new victim : Tecnología Especializada Asociada de México: Tecnología Especializada Asociada de México, not a dream TEAM. The company positions itself as a ‘strategic link between producers, distribution channels and end consumers’. In reality, behind the buzzwords they try to hide the reality. …
  • 🏴‍☠️ Qilin has just published a new victim : ESIC_TR: ESIC University, Spain, is a higher education institution focused on the world of marketing. In other words, they teach how to sell products and ideas. One of the main principles of marketing is that people don’t know what they need until we …
  • 🏴‍☠️ Desolator has just published a new victim : Tri Thuc Software: Status: waiting | Expiration: 2025-09-01T00:00
  • 🏴‍☠️ Desolator has just published a new victim : Construcciones Sala: Status: waiting | Expiration: 2025-09-04T00:00
  • 🏴‍☠️ Safepay has just published a new victim : sandersonmanagement.com: Sanderson Management is a renowned property management company based in the United States, specializing in the efficient and effective management …
  • 🏴‍☠️ Dragonforce has just published a new victim : Engineered Components: (Financial documents, counterparties, clients) We also distribute a multitude of other components that are utilized by original equipment manufacturers worldwide. Our Anchor Bolt division provides these products to countless fastener companies that operate in a range of industries, from coast to coast. Founded in 1983, ECC has continually grown in the areas of technology, market share and acquisition.
  • 🏴‍☠️ Dragonforce has just published a new victim : ABM Wireless INC: Inscope is a New York based Master Dealer in the wireless distribution space. Established in 2002, we have grown to become one of the largest Master Dealers for AT&T in the Tri-State area; and among the largest sellers of wireless accessories in the US.
  • 🏴‍☠️ Dragonforce has just published a new victim : Hilco Metal Building & Roofing Supply: Hilco Metal Building & Metal Roofing Supply specializes in providing a comprehensive range of metal buildings, roofing materials, and custom-designed arenas specifically aimed at clients in industrial, oil field, and retail sectors.
  • 🏴‍☠️ Dragonforce has just published a new victim : Park Country Club: (financial documentation and clients’ data internally) Park Country Club is a premier traditional country club located in Western New York. The club offers a comprehensive, member-focused experience with a diverse range of activities suitable for all ages.
  • 🏴‍☠️ Dragonforce has just published a new victim : Toowoomba Friendly Society Dispensary: (Financial documents, counterparties, clients) Friendlies Mobility & Independent Living is a trusted community health partner based in Toowoomba, offering mobility products for sale and hire, as well as pharmacy and NDIS services.
  • 🏴‍☠️ Dragonforce has just published a new victim : Provalve Armaturen GmbH & Co. KG: (Financial documents, counterparties, clients) PROVALVE Armaturen GmbH & Co. KG specializes in high-quality valves and fittings designed for demanding applications, primarily in the power generation and chemical industries.
  • 🏴‍☠️ Incransom has just published a new victim : OB GYN Associates: OB/GYN Associates offers comprehensive women’s healthcare from obstetrics and pregnancy to gynecological care in Reno, Nevada.
  • 🏴‍☠️ Qilin has just published a new victim : atlanta neighborhood charter school: Atlanta Neighborhood Charter School (ANCS) is a K-8 public charter school in Atlanta, recognized for its academic excellence and innovative programs. However, they could not make a program to protect their own students. All information on the …
  • 🏴‍☠️ Safepay has just published a new victim : lipcare.de: Lipcare, operated by KHK GmbH in Germany, is a specialized manufacturer of natural and conventional cosmetics, with a particular focus …
  • 🏴‍☠️ Safepay has just published a new victim : companionsandhomemakers.com: Companions & Homemakers, based in Connecticut, is a nonprofit home-care service provider with more than 30 years of experience. It …
  • 🏴‍☠️ Safepay has just published a new victim : camaravalencia.com: The Cámara de Valencia, officially known as the Chamber of Commerce, Industry, Services and Navigation of Valencia, was founded in …
  • 🏴‍☠️ Safepay has just published a new victim : dasmeshschool.com: Dasmesh Punjabi School in Winnipeg, Manitoba, is a private independent institution that integrates the provincial curriculum with Punjabi language, Sikh …
  • 🏴‍☠️ Safepay has just published a new victim : zanettisrl.it: Zanetti S.r.l., headquartered in Florence, Italy, is a leading architectural company specializing in the design and construction of glass and …
  • 🏴‍☠️ Safepay has just published a new victim : uwock.ca: Information Chatham-Kent is a nonprofit service based in Ontario, Canada, and operated under United Way Chatham-Kent. It serves as a …
  • 🏴‍☠️ Safepay has just published a new victim : hardwicktactical.com: Hardwick Tactical Corporation, located in Cleveland, Tennessee, is a historic American manufacturer of military and professional uniforms. Founded in 1880, …
  • 🏴‍☠️ Safepay has just published a new victim : templeemanu-el.org: Temple Emanu-El, located in Dallas, Texas, is one of the largest and most historically significant Reform Jewish congregations in the …
  • 🏴‍☠️ Safepay has just published a new victim : thecelestehotel.com: The Celeste Hotel is a boutique hotel located in Orlando, Florida, within the University of Central Florida (UCF) campus area. …
  • 🏴‍☠️ Qilin has just published a new victim : allphaselandscape.net: All Phase Landscape, USA is a company engaged in landscaping, design, and service of green areas in parks, around administrative, office, and residential buildings.
  • 🏴‍☠️ Qilin has just published a new victim : ibew1547.org: IBEW Local 1547, USA – a union in Alaska that is supposed to provide safety and protect the rights of electric utility and communications workers, local officials, health care workers, and many other professionals. Safety – failed. Protection …
  • 🏴‍☠️ Qilin has just published a new victim : ogdenpubs.com: Ogden Publications Inc., USA – history repeats itself. One of the oldest publishing houses in the USA repeats its mistake time after time and has no experience. There is no other word than “idiocy” for their approach to problem solving. …