Latest Ransomware News and New File Extensions
Coinbasecartel:
- New Encrypted File Extension: Not specified in the articles.
- Attack Methods: Not specified in the articles.
- Targets: Multiple organizations across various sectors, including logistics (PLC-Transportation, dsv.com, Kuehne + Nagel), financial consulting (Borrowell.com), legal services (Legal Boutique), software (Canias ERP), and healthcare (Carewell).
- Decryption Status: No known public decryptor available.
- Source: Ransomware leak site announcements.
Qilin:
- New Encrypted File Extension: Not specified in the articles.
- Attack Methods: Not specified in the articles.
- Targets: Industrial and technology companies in Europe, including a French boiler manufacturer (Frisquet), a Norwegian electronics company (Dynamic Precision Sverige), and an Italian crane manufacturer (Valtorta), as well as a US-based retail and real estate company (Team Schierl Companies).
- Decryption Status: No known public decryptor available.
- Source: Ransomware leak site announcements.
Radiant:
- New Encrypted File Extension: Not specified in the articles.
- Attack Methods: Not specified in the articles.
- Targets: A diverse range of entities including education (Kido Schools), foodservice (Magna Foodservice), healthcare (Minnesota Hospital), retail (Retail Texas), and transportation (UK Rail Services). Several victims were listed as “Unknown” with threats of exposure.
- Decryption Status: No known public decryptor available.
- Source: Ransomware leak site announcements.
Sinobi:
- New Encrypted File Extension: Not specified in the articles.
- Attack Methods: Not specified in the articles.
- Targets: Organizations in the healthcare and construction/design sectors, including IDB Clinicas, CMF Inc (architectural sheet metal), and Sunbelt Design & Development (ground handling equipment).
- Decryption Status: No known public decryptor available.
- Source: Ransomware leak site announcements.
Nova:
- New Encrypted File Extension: Not specified in the articles.
- Attack Methods: Not specified in the articles.
- Targets: Argentina’s Ministry of Health (Ministerio de Salud de la Nación argentina), with claims of possessing sensitive patient data.
- Decryption Status: No known public decryptor available.
- Source: Ransomware leak site announcement.
Other Active Ransomware Groups:
- New Encrypted File Extension: Not specified in the articles.
- Attack Methods: Not specified in the articles.
- Targets: Various other groups posted victims, including Incransom (Balfour Beatty), Brotherhood (Integlia, Citizens’ Committee for Children of New York), Bqtlock (Adore UAE, EPS FUJ Private School UAE), Dragonforce (announced a new public panel), Blackshrantac (Altas Temizlik), Nasirsecurity (Taldor), and Everest (Streebo).
- Decryption Status: No known public decryptor available.
- Source: Ransomware leak site announcements.
Observations and Further Recommendations
- A significant volume of ransomware activity was observed from multiple groups, notably Coinbasecartel and Radiant, who listed numerous victims across diverse industries like logistics, healthcare, finance, and government.
- The targeting of Argentina’s Ministry of Health by the Nova group highlights the ongoing threat to public sector and critical infrastructure, involving highly sensitive personal data.
- Other security news indicates that threat actors are actively exploiting a wide range of software vulnerabilities (RondoDox, Oracle E-Business Suite) and using legitimate platforms like GitHub and Discord for malicious infrastructure (Astaroth, ChaosBot).
- It is crucial for organizations to prioritize patching known vulnerabilities, implement multi-factor authentication, maintain secure offline backups, and conduct regular employee training to defend against both ransomware and other malware threats.
News Details
- Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors: Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an “exploit shotgun” approach, has singled out a wide range of internet-exposed infrastructure…
- Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor: Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users’ devices.
- Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns: Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.
- New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs: Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.
- New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login: Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data. The vulnerability, tracked as CVE-2025-61884, carries a CVSS score of 7.5, indicating high severity.
- Fake ‘Inflation Refund’ texts target New Yorkers in new scam: An ongoing smishing campaign is targeting New Yorkers with text messages posing as the Department of Taxation and Finance, claiming to offer “Inflation Refunds” in an attempt to steal victims’ personal and financial data.
- Wi-Fi 8 demonstrated with first prototype connection: The new standard aims to provide improved stability for devices in congested networks. It feels like the rollout of Wi-Fi 7 is barely out of the gate, but TP-Link is already making advancements towards the next generation of connectivity.
- Marvel details upcoming slate of shows at New York Comic Con: We got our first proper look at the upcoming Wonder Man series, but Marvel has a whole slate of shows in the works. Other than Wonder Man, though, the company didn’t roll into New York Comic Con with a firm release date for anything.
- You need to watch the bonkers Japanese fantasy horror film House: Spooky season is upon us, and traditional horror films like Bring Her Back (excellently gruesome) or The Evil Dead (stone cold classic) are obvious choices for a cozy movie night at home. But, if you’re looking for something that’s a bit more weird than wicked to get you in the Halloween spirit, I highly recommend the 1977 fantasy horror film House.
- Amazon awkwardly edited the guns out of James Bond art: Last week, for James Bond Day, Amazon revealed updated poster art for the movies. But fans immediately noticed that the super spy’s signature Walther PPK was conspicuously missing from every image.
- Police are asking kids to stop pulling AI homeless man prank: Kids are using AI to create images of a disheveled, seemingly unhoused person in their home and sending them to their parents. Understandably, they’re not thrilled and in some instances call the police. The prank has gone viral on TikTok and… has become a headache for law enforcement.
- How BlackBerry Messenger set texting free: It’s important to remember that two decades ago, text messages cost 10 cents. Each. […] Then BlackBerry, nearing the peak of its powers, did something remarkable: it cut the carriers out entirely. Before WhatsApp and Telegram, before iMessage and RCS, there was BlackBerry Messenger.
- Welcome to the ‘papers, please’ internet: This is The Stepback, a weekly newsletter breaking down one essential story from the tech world. For more on the downward spiral of the internet, follow Adi Robertson.
- ChatGPT is becoming an everything app: Hi, friends! Welcome to Installer No. 101, your guide to the best and Verge-iest stuff in the world.
- Apple ends support for Clips video-editing app: Apple’s Clips video editing app is no more. It debuted in 2017 as a way to stitch together videos with music, text, and filters with a clear focus on sharing to social media.
- 🏴☠️ Dragonforce has just published a new victim : DragonForce team hurry to notify you about new public available registration panel! http://dragongoztkdfmnd7jkchznd3fvkpdmeh4vhbt6p3usrlsoy5dw2bhyd.onion/registration DBKPVG2A5PJEIFCCJRCAO2R2WRX75NJXL3O67U2W5DPCQIMAYJMA
- 🏴☠️ Coinbasecartel has just published a new victim : PLC-Transportation: PLC Trans is an established company in the field of international transport and logistics. In the last 10 years we have established ourselves as th…
- 🏴☠️ Coinbasecartel has just published a new victim : dsv.com: DSV is a global transport and logistics company that provides and manages supply chain solutions for thousands of companies every day. The company …
- 🏴☠️ Coinbasecartel has just published a new victim : Kuehne + Nagel: With more than 82,000 employees at almost 1,300 sites in close to 100 countries, the Kuehne+Nagel Group is one of the world’s leading logistics pro…
- 🏴☠️ Blackshrantac has just published a new victim : Altas Temizlik: [AI generated] N/A
- 🏴☠️ Coinbasecartel has just published a new victim : Borrowell.com: Founded in 2014, Borrowell is a financial consulting firm that offers free credit score and report monitoring, automated credit coaching tools, and…
- 🏴☠️ Coinbasecartel has just published a new victim : Legal Boutique: This is a private legal services firm representing high‑net‑worth individuals which would not want their business leaked online. Contact us or …
- 🏴☠️ Coinbasecartel has just published a new victim : Canias ERP: Canias ERP is a brand of IAS, an Industrial application software and ERP solution provider. Canias ERP is a software product that provides Enterpri…
- 🏴☠️ Coinbasecartel has just published a new victim : Carewell: No description available.
- 🏴☠️ Qilin has just published a new victim : Frisquet: Frisquet, France – is a manufacturer specializing in gas boilers and renewable energy solutions, offering a range of products including heat pumps, hot water tanks, and hybrid systems.
- 🏴☠️ Qilin has just published a new victim : Dynamic Precision Sverige: Dynamic Precision Sverige, Norway – is a company that operates in the Electronics industry. The company designs and builds complex microelectronics…
- 🏴☠️ Sinobi has just published a new victim : IDB Clinicas: Grupo de Clinicas IDB provides business services. Contact them directly for more information about their offerings.
- 🏴☠️ Sinobi has just published a new victim : CMF: CMF Inc specializes in expert design assistance, fabrication, and installation services for architectural sheet metal and related products.
- 🏴☠️ Sinobi has just published a new victim : Sunbelt Design & Development: Sunbelt Design & Development, Inc. specializes in ground handling equipment, lifting equipment, inspection equipment, spare parts, and maintenance equipment.
- 🏴☠️ Qilin has just published a new victim : Valtorta: Valtorta, Italy – develops and manufactures industrial cranes. Valtorta is the natural evolution of TRASMEC srl that has been especially operating in the sector of the bridge cranes since 1969.
- 🏴☠️ Nova has just published a new victim : Ministerio de Salud de la Nación argentina: The Ministry of Health of Argentina is the agency responsible for coordinating and overseeing public health policy in the country. […] – The data include highly sensitive information for more than 2 million patients in xlsx files…
- 🏴☠️ Qilin has just published a new victim : Team Schierl Companies: Team Schierl Companies is an organization of retail businesses and real estate development. TSC was founded in 1956 and is currently headquartered in Stevens Point, Wisconsin.
- 🏴☠️ Incransom has just published a new victim : Balfour Beatty: Balfour Beatty US, founded in 1933 and headquartered in Dallas, Texas, is a commercial construction company that offers services for construction management, general contracting, cost consulting, and design-building.
- 🏴☠️ Radiant has just published a new victim : Kido Schools: We integrate advances in design, technology, and pedagogy to create the highest quality nurseries and preschools.
- 🏴☠️ Radiant has just published a new victim : Magna Foodservice: Magna Foodservice is a leading supplier of a wide range of food products, including halal poultry, drinks, food packaging, and hygiene products.
- 🏴☠️ Radiant has just published a new victim : Minnesota Hospital: Unknown. Contact us within 7 days or we will expose your hospitals name, add the view more button and start our pressure process.
- 🏴☠️ Radiant has just published a new victim : Retail Texas: Unknown. Contact within 7 days or we will publish your name, add the view more button and begin our pressure process.
- 🏴☠️ Radiant has just published a new victim : UK Rail Services: Unknown. You will be contacted shortly. 3 Days for contact or else we will begin our process.
- 🏴☠️ Nasirsecurity has just published a new victim : Taldor: This is a warning… you remain in danger.
- 🏴☠️ Everest has just published a new victim : Streebo: [AI generated] “Streebo” is an established global IT solutions company, specializing in AI-powered digitization services and products.
- 🏴☠️ Brotherhood has just published a new victim : Integlia: Contains: 66 Gb compressed Files
- 🏴☠️ Brotherhood has just published a new victim : Citizens’ Committee for Children of New York: Contains: 45 Gb compressed Files
- 🏴☠️ Bqtlock has just published a new victim : Adore UAE: adoreuae.com www.adoreuae.com
- 🏴☠️ Bqtlock has just published a new victim : EPS FUJ Private School UAE: epsfuj.com www.epsfuj.com