Latest Ransomware News and New File Extensions
Play Ransomware:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Not specified in the provided articles.
- Targets: Numerous U.S. companies including HD Media Systems, Mayors Machine Works, JIT Energy Services, Anderson Aluminum, Royal Machine & Tool, Reliable Roofing, and others.
- Decryption Status: No known decryption method mentioned.
- Source: https://www.bleepingcomputer.com/news/cybercrime/us-charges-admin-of-lockergoga-megacortex-nefilim-ransomware/ (Implied from leak site monitoring, URL is for context)
Akira Ransomware:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Data exfiltration and extortion.
- Targets: Fusion Homes (Canada) and E&S Food (U.S.), threatening to leak financial data, employee PII, and client information.
- Decryption Status: No known decryption method mentioned.
- Source: https://www.bleepingcomputer.com/news/cybercrime/us-charges-admin-of-lockergoga-megacortex-nefilim-ransomware/ (Implied from leak site monitoring, URL is for context)
Incransom:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Data exfiltration and extortion, claiming possession of over 1.5TB of data.
- Targets: The Ministry of Economy and Finance of Panama.
- Decryption Status: No known decryption method mentioned.
- Source: https://www.bleepingcomputer.com/news/cybercrime/us-charges-admin-of-lockergoga-megacortex-nefilim-ransomware/ (Implied from leak site monitoring, URL is for context)
Thegentlemen:
- New Encrypted File Extension: Not specified in the provided articles.
- Attack Methods: Not specified in the provided articles.
- Targets: A wide range of international organizations across various sectors, including Proplastics (Zimbabwe), PC Chandra Jewellers (India), Dolidol (Morocco), and Liceo Francés Antoine y Consuelo de Saint-Exupéry (El Salvador).
- Decryption Status: No known decryption method mentioned.
- Source: https://www.bleepingcomputer.com/news/cybercrime/us-charges-admin-of-lockergoga-megacortex-nefilim-ransomware/ (Implied from leak site monitoring, URL is for context)
LockerGoga, MegaCortex, and Nefilim Ransomware:
- New Encrypted File Extension: Not applicable (historical operations).
- Attack Methods: Law enforcement action.
- Targets: The alleged administrator of the ransomware operations.
- Decryption Status: The U.S. Department of Justice has charged a Ukrainian national for administering these past ransomware campaigns.
- Source: https://www.bleepingcomputer.com/news/cybercrime/us-charges-admin-of-lockergoga-megacortex-nefilim-ransomware/
Observations and Further Recommendations
- Multiple ransomware groups, including Play, Akira, and Thegentlemen, remain highly active, continuously listing new victims from diverse industries and geographical locations. This indicates a persistent and widespread threat landscape.
- A significant law enforcement action resulted in charges against the alleged administrator of the notorious LockerGoga, MegaCortex, and Nefilim ransomware operations, showing continued efforts to dismantle these criminal enterprises.
- The prevalence of attacks underscores the importance of robust security measures. Organizations should prioritize patching critical vulnerabilities (as noted in updates from Microsoft, SAP, and Adobe), implementing strong multi-factor authentication (MFA) to counter phishing kits like Salty2FA, and maintaining secure, offline backups.
News Details
- US charges admin of LockerGoga, MegaCortex, Nefilim ransomware: The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations.
- Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises: Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN have uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses.
- Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days: Today is Microsoft’s September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities.
- 🏴‍☠️ Incransom has just published a new victim: Republica De Panama: We hacked the Ministry of Economy and Finance of Panama. We have more than 1.5TB data at our disposal, including: internal mail, confidential data, budgets and much more.
- 🏴‍☠️ Akira has just published a new victim: E&S Food: E&S Food, Inc., was started in 1980 by Settimo Guttilla… We are going to upload 190GB of corporate data. A lot of financial and accounting data, credit card details, personal information of employees, client information, a bit of client data, NDAs, etc.
- 🏴‍☠️ Play has just published a new victim: HD Media Systems: United States
- Adapting to new threats with proactive risk management: A 2024 ransomware attack on Change Healthcare, the medical-billing subsidiary of industry giant UnitedHealth Group—the biggest health and medical data breach in US history—exposed the data of around 190 million people and led to weeks of outages for medical groups.