Ransomware Update – 2025-09-28

[Content by Gemini 2.5]

Latest Ransomware News and New File Extensions

  • Volvo Supplier Ransomware Attack:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Supply chain attack targeting a supplier.
    • Targets: Volvo employees (via supplier breach), with three international vehicle manufacturers affected by similar attacks in the past month.
    • Decryption Status: Not specified.
    • Source: News article titled “Volvo Employee SSNs Stolen in Supplier Ransomware Attack”.

  • Nova Ransomware:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data theft and extortion. The group claims to have stolen 10GB of data, including patient information, and left a ransom note on desktops.
    • Targets: FysioRoadmap, a Dutch software provider for the physiotherapy and rehabilitation sector.
    • Decryption Status: No public decryption tool is available.
    • Source: Nova leak site post.

  • Play Ransomware:

    • New Encrypted File Extension: Not specified.
    • Attack Methods: Data theft and public extortion via their leak site.
    • Targets: Multiple US-based companies across various sectors, including Amelia Overhead Doors, Pangborn, ComTec Systems, Earthadelic, Steve Basso Plumbing Heating, and Atlas Pressed Metals.
    • Decryption Status: No public decryption tool is available.
    • Source: Play leak site posts.

  • Handala (Extortion Group):

    • New Encrypted File Extension: Not applicable (data theft and extortion focus).
    • Attack Methods: Data breach and extortion. The group claims to have stolen sensitive military and governmental data from satellite operator Spacecom.
    • Targets: Spacecom (Amos satellite network operator) and its employees.
    • Decryption Status: Not applicable as data was stolen, not encrypted.
    • Source: Handala leak site posts.

  • Other Extortion Groups:

    • Qilin: Targeted Yooshin Engineering Corporation (South Korea) and Thomas M. Hughes, Ltd. (USA).
    • Dragonforce: Claimed attacks on Asserson (UK law firm), Rothmann Immobilien (Germany), FTCS Forage (France), Memphis Millwork (USA), and Cardinal Machinery (USA).
    • Thegentlemen: Targeted Thai Future Inc. PCL (Thailand).
    • Pear: Targeted Phillips Feldman Group (USA).
    • Termite: Targeted News-Press & Gazette Co. (USA).
    • Blackshrantac: Targeted a company whose name was partially obscured.

Observations and Further Recommendations

  • Ransomware and extortion groups continue to target a diverse range of industries globally, including critical infrastructure (satellite communications), healthcare, manufacturing, legal services, and media.
  • The high volume of victims posted on leak sites by groups like Play, Dragonforce, and Qilin indicates that data exfiltration followed by public shaming remains a primary tactic.
  • Supply chain attacks are a persistent threat, as demonstrated by the incident affecting Volvo, where a breach at a single supplier had wider consequences.
  • Organizations should prioritize comprehensive security measures, including vetting third-party vendor security, implementing multi-factor authentication, and maintaining offline, immutable backups to ensure resilience against such attacks.

News Details

  • Volvo Employee SSNs Stolen in Supplier Ransomware Attack: Three international vehicle manufacturers have fallen to supply chain cyberattacks in the past month alone.
  • 🏴‍☠️ Handala has just published a new victim : Amos Spacecom: We, the Handala Hack, have successfully breached the security systems of Spacecom (Space Communication Ltd.), the operator of the critical AMOS satellite network. Every piece of sensitive information, including military, governmental, and security data transmitted and stored within their infrastructure, is now fully in our possession.
  • 🏴‍☠️ Nova has just published a new victim : FysioRoadmap: FysioRoadmap is een onderdeel van Monitored Rehab Systems… we stole 10GB of data with more then 20k Docs have BSN numbers , phone numbers , full patients names and infos , sick-analyze results with pictures and lot more – readme in desktop to how contact and recover , get in touch
  • 🏴‍☠️ Play has just published a new victim : Amelia Overhead Doors: United States
  • 🏴‍☠️ Play has just published a new victim : Pangborn: United States
  • 🏴‍☠️ Play has just published a new victim : ComTec Systems: United States
  • 🏴‍☠️ Play has just published a new victim : Earthadelic: United States
  • 🏴‍☠️ Play has just published a new victim : Steve Basso Plumbing Heating: United States
  • 🏴‍☠️ Play has just published a new victim : Atlas Pressed Metals: United States
  • 🏴‍☠️ Qilin has just published a new victim : Yooshin Engineering Corporation: Yooshin Engineering Corporation provides engineering consulting services in South Korea and internationally.
  • 🏴‍☠️ Pear has just published a new victim : Phillips Feldman Group: Quality, personalized financial guidance to South Florida individuals and businesses
  • 🏴‍☠️ Thegentlemen has just published a new victim : Thai Future Inc. PCL: Thai Film Industries specializes in the production and distribution of films in Thailand. The company offers a range of services including film production, post-production, and marketing.
  • 🏴‍☠️ Dragonforce has just published a new victim : Asserson: (Clients, counterparties, lobbying, deceit, intimidation, pressure on journalists, and other tactics, as revealed in over half a million documents) Asserson Law Offices is a dynamic and creative law firm based in the UK…
  • 🏴‍☠️ Qilin has just published a new victim : thomasmhughes.com: Thomas M. Hughes, Ltd. USA – Calculation error. Company specializes in providing experienced legal counsel focused on employee benefits, ERISA, tax, and pension law.
  • 🏴‍☠️ Blackshrantac has just published a new victim : Sta* Fib.com**: [No introductory text provided]
  • 🏴‍☠️ Dragonforce has just published a new victim : Rothmann Immobilien: (Client data inside) Rothmann Immobilien GmbH is a company that operates in the Real Estate industry.
  • 🏴‍☠️ Dragonforce has just published a new victim : FTCS Forage: (Client data, accounting records, and internal documentation) FTCS Forage is a company that operates in the Civil Engineering Construction industry.
  • 🏴‍☠️ Dragonforce has just published a new victim : Memphis Millwork: (Client data, accounting records, and internal documentation) Memphis Millwork specializes in commercial architectural millwork, catering to clients in Memphis and the surrounding areas.
  • 🏴‍☠️ Dragonforce has just published a new victim : Cardinal Machinery: (Full data) Cardinal Machinery is a family-owned business with over 50 years of experience in the Machine Tool Industry…
  • 🏴‍☠️ Termite has just published a new victim : News-Press & Gazette Co.: News-Press & Gazette Company publishes daily newspapers and weekly publications. It provides cable, internet, and digital telephone services, as well as commercial printing services…