Latest Ransomware News and New File Extensions
Cloak:
- New Encrypted File Extension: Not specified
- Attack Methods: Data exfiltration and public extortion via a leak site.
- Targets: TuftsMedicine (Healthcare).
- Decryption Status: Not applicable (data leak announcement).
- Source: 🏴☠️ Cloak has just published a new victim : TuftsMedicine
Killsec:
- New Encrypted File Extension: Not specified
- Attack Methods: Data exfiltration and public extortion; this group announced multiple victims in a short period.
- Targets: GPS Trackit, Archer Health, Suiza Lab, eMedicoERP, GoTelemedicina, and MedicSolution+ (Various industries, including technology and healthcare).
- Decryption Status: Not applicable (data leak announcement).
- Source: 🏴☠️ Killsec has just published a new victim : [Victim Name]
Silentransomgroup:
- New Encrypted File Extension: Not specified
- Attack Methods: Data exfiltration and public extortion.
- Targets: Gordon Rees Scully Mansukhani LLP (Law Firms & Legal Services, USA).
- Decryption Status: Not applicable (data leak announcement).
- Source: 🏴☠️ Silentransomgroup has just published a new victim : Gordon Rees Scully Mansukhani LLP
Qilin:
- New Encrypted File Extension: Not specified
- Attack Methods: Data exfiltration and public extortion.
- Targets: Mechatronics, Inc. (Electronics manufacturing, USA).
- Decryption Status: Not applicable (data leak announcement).
- Source: 🏴☠️ Qilin has just published a new victim : Mechatronics
Beast:
- New Encrypted File Extension: Not specified
- Attack Methods: Data exfiltration and public extortion.
- Targets: BinBaires (Casino and gambling network, Argentina).
- Decryption Status: Not applicable (data leak announcement).
- Source: 🏴☠️ Beast has just published a new victim : BinBaires
Blacknevas:
- New Encrypted File Extension: Not specified
- Attack Methods: Data exfiltration and public extortion; claims to have exfiltrated 1.5 TB of data.
- Targets: OftalTech Solutions (Ophthalmic products distributor, Spain/Portugal).
- Decryption Status: Not applicable (data leak announcement).
- Source: 🏴☠️ Blacknevas has just published a new victim : OftalTech Solutions oftaltech.com
Incransom:
- New Encrypted File Extension: Not specified
- Attack Methods: Data exfiltration and public extortion.
- Targets: Schuler Service Group (Garden and landscape construction, Germany).
- Decryption Status: Not applicable (data leak announcement).
- Source: 🏴☠️ Incransom has just published a new victim : schuler-service-group.de
Observations and Further Recommendations
- A significant number of ransomware groups (Cloak, Killsec, Qilin, etc.) are actively disclosing victims on their leak sites, indicating a high operational tempo in data extortion attacks.
- The targeted organizations are geographically and industrially diverse, spanning healthcare, legal services, manufacturing, entertainment, and business services across the US, Europe, and South America.
- The attacks demonstrate a clear focus on data exfiltration for extortion, rather than solely relying on encryption. This trend underscores the critical need for organizations to implement robust data loss prevention (DLP) strategies and advanced threat detection to identify and stop data exfiltration in progress.
News Details
- Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign: A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear.
- Critical SAP S/4HANA Vulnerability Under Attack, Patch Now: Exploitation of CVE-2025-42957 requires “minimal effort” and can result in a complete compromise of the SAP system and host OS, according to researchers.
- Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys: A new set of four malicious packages has been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers.
- Secretive MaaS Group ‘TAG-150’ Develops Novel ‘CastleRAT’: TAG-150 is running a multifaceted and relatively successful malware-as-a-service operation, without advertising itself on the Dark Web.
- 🏴☠️ Cloak has just published a new victim : TuftsMedicine: [AI generated] N/A
- 🏴☠️ Killsec has just published a new victim : GPS Trackit: N/A
- 🏴☠️ Silentransomgroup has just published a new victim : Gordon Rees Scully Mansukhani LLP: Law Firms & Legal Services – California, United States – 2,500 Employees. Gordon & Rees was founded in…
- 🏴☠️ Qilin has just published a new victim : Mechatronics: Mechatronics, Inc. USA specializes in providing a wide range of AC, DC, and EC fans and blowers, including accessories and custom assemblies, catering to industries such as telecom, medical, industrial, alternative energy, lighting displays…
- 🏴☠️ Beast has just published a new victim : BinBaires: BinBaires is a company that operates a network of casinos and bingo halls in Argentina, with operations in the provinces of Buenos Aires (PLV) and Mendoza, including facilities in Ezeiza and Olavarria.
- 🏴☠️ Blacknevas has just published a new victim : OftalTech Solutions oftaltech.com: OftalTech Solutions is a leading distributor of ophthalmic products, operating at both national and international levels, primarily in Spain and Portugal. The company offers a wide range of products including diagnostic equipment, surgical devices, and therapeutic lenses.
- 🏴☠️ Incransom has just published a new victim : schuler-service-group.de: Schuler Service Group is a comprehensive service provider specializing in garden and landscape construction, with expertise dating back to 1956. They offer year-round green maintenance services in urban and industrial areas…
- 🏴☠️ Yurei has just published a new victim : www.midcity.lk: Midcity Marketing (Pvt) Ltd, Sri Lanka is a dominant force in the import, distribution, and marketing of essential dry food commodities. Since its establishment in 1995, the company has built a reputation based on transparency, integrity, and trust…
- 🏴☠️ Obscura has just published a new victim : RelationMedia A/S: RelationMedia A/S is the leading agency in Denmark within sales forces, merchandising, marketing, data collection, sampling, product presentation and events.