Latest Ransomware News and New File Extensions
Genesis:
- New Encrypted File Extension: Not specified in the articles.
- Attack Methods: Not specified in the articles.
- Targets: Announced multiple victims including Rose Displays (visual merchandising), Petro Environmental (environmental services), Data Enterprises of the Northwest (inventory control systems), PJSI Consultants SDN BHD (architecture), and Curtis Investment Group, Inc. (real estate).
- Decryption Status: Not specified in the articles.
- Source: Ransomware monitoring service reports. (URL not provided in source data)
Devman:
- New Encrypted File Extension: Not specified in the articles.
- Attack Methods: Not specified in the articles.
- Targets: Posted several victims, primarily from the healthcare and non-profit sectors, including Abdulhadi Hospital, newhorizonsmedical.org, and eastersealsnei.org. Ransom demands ranged from $75k to $550k.
- Decryption Status: Not specified in the articles.
- Source: Ransomware monitoring service reports. (URL not provided in source data)
Qilin:
- New Encrypted File Extension: Not specified in the articles.
- Attack Methods: Not specified in the articles.
- Targets: Claimed a large number of victims from various industries, including Veton Ai, ILCA Targhe s.r.l., Battaglioli, Asia Condominium Association, Bomchil (legal firm), TBC Consoles, and Chenango Valley Technologies.
- Decryption Status: Not specified in the articles.
- Source: Ransomware monitoring service reports. (URL not provided in source data)
Medusa:
- New Encrypted File Extension: Not specified in the articles.
- Attack Methods: Not specified in the articles.
- Targets: Targeted the education and services sectors, with victims including Universidade Municipal de São Caetano (a Brazilian university), WR Comercial (a staffing company), and Concord Academy (a specialized educational institution).
- Decryption Status: Not specified in the articles.
- Source: Ransomware monitoring service reports. (URL not provided in source data)
Other Ransomware Groups:
- Anubis: Targeted Fun For Less Tours, claiming to have exfiltrated customer passports and personal data.
- Crypto24: Claimed Hollysys Asia Pacific, a provider of automation solutions, as a victim.
- Dragonforce: Targeted Division 10 Inc, a specialty product supplier for the construction industry.
- Ransomhouse: Announced Soderstrom Architects, a Pacific Northwest architecture firm, as a victim.
- Tridentlocker: Published Belgian postal service company bpost as a new victim.
Observations and Further Recommendations
- A high volume of activity was observed from multiple ransomware groups, including Genesis, Devman, Qilin, and Medusa, indicating widespread and continuous campaigns.
- The targeted entities are highly diverse, spanning public services (bpost), healthcare, education, legal, real estate, and technology, demonstrating that no industry is immune.
- Law enforcement continues to disrupt the cybercrime ecosystem, as evidenced by the takedown of the Cryptomixer service, which was used by criminals to launder funds. This highlights the importance of targeting the infrastructure that supports ransomware operations.
- The CISA alert regarding an actively exploited vulnerability in OpenPLC ScadaBR serves as a reminder that timely patching of known security flaws is a critical defense against initial access for many threat actors, including ransomware gangs.
News Details
- New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control: A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a “full spectrum” of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices.
- Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets: The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools.
- CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation.
- Police takes down Cryptomixer cryptocurrency mixing service: Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder stolen funds. […]
- 🏴‍☠️ Tridentlocker has just published a new victim: bpost: [AI generated] bpost is a Belgian company that handles the sorting, collection, transportation and delivery of postal services both locally and internationally.
- 🏴‍☠️ Genesis has just published a new victim: Rose Displays: A division of Visual Creations Ink
- 🏴‍☠️ Genesis has just published a new victim: Petro Environmental.: A company that offers a range of environmental services
- 🏴‍☠️ Genesis has just published a new victim: Data Enterprises of the Northwest.: A company that offers the Automated Tool Inventory Control and Tracking System (ATICTS)
- 🏴‍☠️ Genesis has just published a new victim: PJSI Consultants SDN BHD.: An architect and designer of numerous public and private sector projects.
- 🏴‍☠️ Genesis has just published a new victim: Curtis Investment Group, Inc.: A full service real estate concern
- 🏴‍☠️ Devman has just published a new victim: Abdulhadi Hospital: Ransom: ecaretest.com 350k 246gb
- 🏴‍☠️ Devman has just published a new victim: newhorizonsmedical.org: Ransom: 90k 236gb
- 🏴‍☠️ Devman has just published a new victim: www.eastersealsnei.org: Ransom: 550k 280gb
- 🏴‍☠️ Devman has just published a new victim: m*ttcar..it: Ransom: 75k 50gb
- 🏴‍☠️ Devman has just published a new victim: cac.cm: Ransom: 200gb 150k
- 🏴‍☠️ Devman has just published a new victim: afo.us: Ransom: 250k 200gb
- 🏴‍☠️ Ransomhouse has just published a new victim: Soderstrom Architects, LTD: Soderstrom Architects is a Pacific Northwest architecture firm that offers creative yet practical solutions for spaces that inspire individuals and communities.
- 🏴‍☠️ Crypto24 has just published a new victim: Hollysys Asia Pacific: [AI generated] Hollysys Asia Pacific is part of Hollysys Automation Technologies Ltd, a leading provider of industrial and rail transportation automation solutions.
- 🏴‍☠️ Anubis has just published a new victim: Fun For Less Tours: Customer passports and personal data.
- 🏴‍☠️ Medusa has just published a new victim: Universidade Municipal de São Caetano: USCS offers a diverse range of educational programs including in-person and distance learning undergraduate degrees, technical courses, and postgraduate studies such as MBAs and doctorates.
- 🏴‍☠️ Medusa has just published a new victim: WR Comercial: WR Comercial helps businesses find great staff for important jobs like cleaning, security, and front desk work.
- 🏴‍☠️ Medusa has just published a new victim: Concord Academy: Concord Academy is a specialized educational institution that serves students with Autism, learning and intellectual disabilities, language processing disorders, ADD/ADHD, and other neurodiverse learning needs.
- 🏴‍☠️ Qilin has just published a new victim: Veton Ai: N/A
- 🏴‍☠️ Qilin has just published a new victim: ILCA Targhe s.r.l.: N/A
- 🏴‍☠️ Qilin has just published a new victim: Battaglioli: N/A
- 🏴‍☠️ Dragonforce has just published a new victim: Division 10: Division 10 Inc is a company based in Memphis, Tennessee, specializing in supplying specialty products to the construction industry since 1989.
- 🏴‍☠️ Qilin has just published a new victim: Asia Condominium Association: N/A
- 🏴‍☠️ Qilin has just published a new victim: Bomchil: N/A
- 🏴‍☠️ Qilin has just published a new victim: TBC Consoles: N/A
- 🏴‍☠️ Qilin has just published a new victim: CJW: N/A
- 🏴‍☠️ Qilin has just published a new victim: Chenango Valley Technologies: N/A