Ransomware Update – 2025-10-20

[Content by Gemini 2.5]

Latest Ransomware News and New File Extensions

  • Qilin:

    • New Encrypted File Extension: Not specified in the provided data.
    • Attack Methods: Victim data published on the group’s data leak site as part of a double-extortion strategy. Specific intrusion vectors are not detailed.
    • Targets: A wide range of global organizations across various sectors including healthcare (London Women’s Clinic, The Blood and Marrow Transplant Group of Georgia), construction (JA Jennings), manufacturing (Winholt Equipment Group), public sector (Grande Prairie Public Library), legal (Khatami Law), and retail (Cellini Design Center).
    • Decryption Status: No known free decryptor is available.
    • Source: Source URL not provided in the input data.
  • Medusa:

    • New Encrypted File Extension: Not specified in the provided data.
    • Attack Methods: Victim data published on the group’s data leak site as part of a double-extortion strategy. Specific intrusion vectors are not detailed.
    • Targets: Imagicle (Italian tech company), Linxx Global Solutions (US government contractor), and DALCANS (French retail).
    • Decryption Status: No known free decryptor is available.
    • Source: Source URL not provided in the input data.
  • Radar:

    • New Encrypted File Extension: Not specified in the provided data.
    • Attack Methods: Victim data published on the group’s data leak site as part of a double-extortion strategy. Specific intrusion vectors are not detailed.
    • Targets: My Florida Case Management Services (US Healthcare), MC INVERSIONES INMOBILIARIAS (Peruvian Construction), and TK HOLDINGS GROUP.
    • Decryption Status: No known free decryptor is available.
    • Source: Source URL not provided in the input data.
  • Play:

    • New Encrypted File Extension: Not specified in the provided data.
    • Attack Methods: Victim data published on the group’s data leak site as part of a double-extortion strategy. Specific intrusion vectors are not detailed.
    • Targets: Accord Carton (US-based manufacturing company).
    • Decryption Status: No known free decryptor is available.
    • Source: Source URL not provided in the input data.
  • Incransom:

    • New Encrypted File Extension: Not specified in the provided data.
    • Attack Methods: Victim data published on the group’s data leak site as part of a double-extortion strategy. Specific intrusion vectors are not detailed.
    • Targets: Summit Golf Brands (summitgolfbrands.com), a high-end golf apparel company.
    • Decryption Status: No known free decryptor is available.
    • Source: Source URL not provided in the input data.
  • Other Active Groups (Everest, Safepay):

    • New Encrypted File Extension: Not specified in the provided data.
    • Attack Methods: Victim data published on data leak sites.
    • Targets: Everest targeted Collins Aerospace, while Safepay listed healthandvitalitycenter.com as a victim.
    • Decryption Status: No known free decryptors are available.
    • Source: Source URL not provided in the input data.

Observations and Further Recommendations

  • Multiple ransomware groups, including Qilin, Medusa, and Radar, have been highly active, publishing numerous victims on their data leak sites. This indicates a sustained campaign of data exfiltration and extortion.
  • The targeted industries are exceptionally diverse, ranging from healthcare and critical infrastructure contractors to retail, manufacturing, legal firms, and public libraries. This underscores that no sector is immune to ransomware attacks.
  • The primary tactic observed is double extortion, where attackers not only encrypt files but also threaten to publicly release stolen sensitive data to pressure victims into paying the ransom.
  • Organizations of all sizes should prioritize robust cybersecurity defenses. Key recommendations include maintaining offline and immutable backups, implementing multi-factor authentication (MFA) on all critical accounts, segmenting networks to limit lateral movement, and conducting regular employee training to recognize phishing and social engineering attempts.

News Details

  • MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems: China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a “premeditated” cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a “hacker empire” and the “greatest source of chaos in cyberspace.”
  • Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide: Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud.
  • AWS outage crashes Amazon, PrimeVideo, Fortnite, Perplexity and more: An AWS outage has taken down millions of websites, including Amazon.com, PrimeVideo, Perplexity AI, Canva and more.
  • TikTok videos continue to push infostealers in ClickFix attacks: Cybercriminals are using TikTok videos disguised as free activation guides for popular software like Windows, Spotify, and Netflix to spread information-stealing malware.
  • Experian fined $3.2 million for mass-collecting personal data: Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR).
  • OpenAI confirms GPT-6 is not shipping in 2025: OpenAI is not planning to ship GPT-6 this year, but that doesn’t necessarily mean the company will not release new models.
  • SpaceX launches 10,000th Starlink internet satellite: On Sunday, SpaceX launched 56 additional Starlink satellites on separate Falcon 9 rockets, surpassing 10,000 total satellites launched into low Earth orbit to date.
  • Major AWS outage takes down Fortnite, Alexa, Snapchat, and more: Amazon Web Services (AWS) is currently experiencing a major outage that has taken down online services, including Amazon, Alexa, Snapchat, Fortnite, ChatGPT, Epic Games Store, Epic Online Services, and more.
  • X is changing how it handles links to try and keep you in the app: X is testing a change to the way it handles links on iOS so that the buttons to like, reply, and repost will always be visible.
  • X is launching a marketplace for inactive handles: Premium Plus and Premium Business users will soon be able to browse and request inactive usernames on the X Handle Marketplace.
  • You need to read the epic Argentinian horror novel Our Share of Night: I’ve read a lot of horror books over the last two years. But my absolute favorite is easily Mariana Enriquez’ Our Share of Night.
  • March of the frogs: By the time I arrived, the waterfront park in downtown Portland, Oregon was already awash with people as far as the eye could see.
  • Organizers say over 7 million showed up to No Kings protests: Saturday marked the biggest day of protest since the start of Donald Trump’s second term. Organizers of the No Kings protests estimated that over seven million people took to the streets to declare their opposition to the president, his policies, and his tactics.
  • This weekend is your last chance to get a month of Disney Plus starting at $9.99: From Apple TV Plus to Peacock, a number of streaming services have recently increased their pricing — and Disney Plus is no exception.
  • The Sony Watchman was must-see TV: To understand the Sony Watchman, you have to go back. Way back. Back to when “TV” wasn’t just a way to refer to any piece of content between 20 and 89 minutes, available on every screen everywhere for a few bucks a month.
  • Opera’s Neon shows just how confusing AI browsers still are: The trick to understanding Opera’s Neon browser is recognizing that it’s not just a browser with an AI bot added to it, but a browser with three AI bots all living side by side.
  • 🏴‍☠️ Medusa has just published a new victim : Imagicle: Founded in 2010, Imagicle is headquartered in Italy and has fully owned subsidiaries in Dubai and Miami. Imagicle operates almost all over the world, serving enterprises, multinational companies, as well as family businesses, universities, central government, public administrations, hospitals and prestigious hotels.
  • 🏴‍☠️ Medusa has just published a new victim : Linxx Global Solutions: Linxx Global Solutions is a leading provider of mission-critical support services specializing in Training, Security, and Cyber Security solutions.
  • 🏴‍☠️ Medusa has just published a new victim : DALCANS: Any product given back will be returned to DALCANS in its original condition and packaging and must include all of the product and its accessories.
  • 🏴‍☠️ Play has just published a new victim : Accord Carton: United States
  • 🏴‍☠️ Everest has just published a new victim : Collins Aerospace Admits Responsibility for Flight Chaos at Heathrow, Brussels and Other M…: [AI generated] N/A
  • 🏴‍☠️ Safepay has just published a new victim : healthandvitalitycenter.com: The Health & Vitality Center is a holistic medical practice located at 11600 Wilshire Blvd, Suite 120, Los Angeles, CA.
  • 🏴‍☠️ Radar has just published a new victim : My Florida Case Management Services, LLC: My Florida Case Management Services, LLC, a professional case management company located in Doral, FL.
  • 🏴‍☠️ Qilin has just published a new victim : JA Jennings: Founded in 1917, J.A. Jennings is a mid-size full-service construction company which constructs private sector commercial interiors projects as well as full-scale building renovations and infrastructure programs throughout the New York City m…
  • 🏴‍☠️ Qilin has just published a new victim : BIOPHARMEX, SA de CV: BIOPHARMEX specializes in transforming scientific innovations into health solutions, providing over 30 medical products in Mexico from 10 different countries.
  • 🏴‍☠️ Qilin has just published a new victim : Stephenson’s Rental Services: Stephenson’s Rental Services is a Canadian construction equipment and tool rental company that has been operating for over 70 years.
  • 🏴‍☠️ Qilin has just published a new victim : London Women’s Clinic: London Women’s Clinic is a leading fertility clinic established in 1985, offering a wide range of fertility treatments and services across fourteen locations in the UK.
  • 🏴‍☠️ Qilin has just published a new victim : The Blood and Marrow Transplant Group of Georgia: The Blood and Marrow Transplant Group of Georgia (BMTGA) specializes in providing advanced care for patients undergoing blood and marrow stem cell transplantation, acute leukemia treatment, and CAR T-cell immunotherapy.
  • 🏴‍☠️ Qilin has just published a new victim : Grande Prairie Public Library: The Grande Prairie Public Library District is located at 3479 West 183rd Street, in Hazel Crest, Illinois. We serve the communities of Hazel Crest and Country Club Hills.
  • 🏴‍☠️ Handala has just published a new victim : Commemoration of Commander Martyr Reza Awada: On this significant anniversary of the martyrdom of Commander Reza Awada, we bow our heads in respect to a man who was not only a leader on the battlefield, but also a beacon of thought and vision.
  • 🏴‍☠️ Incransom has just published a new victim : summitgolfbrands.com: SUMMIT GOLF BRANDS specializes in high-end golf apparel and sportswear, selling products online and through leading country clubs and resorts worldwide.
  • 🏴‍☠️ Radar has just published a new victim : MC INVERSIONES INMOBILIARIAS Construction company in Peru: MC INVERSIONES INMOBILIARIAS Construction company in Peru. A lot of confidential information.
  • 🏴‍☠️ Radar has just published a new victim : TK HOLDINGS GROUP: https://www.linkedin.com/in/altanko – Alexandre TANKO – Président Directeur Général TK HOLDINGS GROUP Limited.