Ransomware - Cybersec Sentinel

Ransomware

A collection of 33 posts

Reynolds Ransomware Shows Why BYOVD Is the New EDR Bypass

Reynolds Ransomware Shows Why BYOVD Is the New EDR Bypass

Threat Group Reynolds Ransomware Group Threat Type Ransomware with integrated Bring Your Own Vulnerable Driver exploitation Exploited Vulnerabilities CVE-2025-68947 abuse of the NsecSoft NSecKrnl driver authorisation model Malware Used Reynolds Ransomware with embedded NSecKrnl.sys kernel driver Threat Score 🔴 9.1/10 High risk Last Threat Observation 11 February 2026

LockBit 5.0 Variant Expands Attacks on Windows Linux and Virtual Infrastructure

LockBit 5.0 Variant Expands Attacks on Windows Linux and Virtual Infrastructure

Threat Group – LockBit operators Threat Type – Ransomware as a Service Exploited Vulnerabilities – Exposed remote access services, unpatched internet facing infrastructure, valid credential reuse, weak virtualisation hardening Malware Used – LockBit 5.0 Windows Linux and ESXi variants Threat Score – 7.5 🔴 High – Cross platform impact with ESXi targeting, rapid encryption, and

ScarCruft and RokRAT Pose High Threat to Government and Academia

ScarCruft and RokRAT Pose High Threat to Government and Academia

Threat Group: ScarCruft / APT37 / Reaper / Red Eyes Threat Type: Advanced Persistent Threat (APT), Remote‑Access Trojan (RAT), Espionage and Ransomware Exploited Vulnerabilities: CVE‑2017‑8291 (Encapsulated PostScript vulnerability in Hangul Word Processor), CVE‑2024‑38178 (Internet Explorer mode of Microsoft Edge), vulnerabilities in Hancom Office; exploitation of Windows LNK files,

Charon ransomware adopts APT style tactics to target Middle East public sector and aviation

Charon ransomware adopts APT style tactics to target Middle East public sector and aviation

Threat Group: Suspected China linked Earth Baxia affiliate or imitator Threat Type: Ransomware Exploited Vulnerabilities: None confirmed. Suspected spear phishing and DLL sideloading Malware Used: Ransom.Win64.CHARON.THGBCBE Threat Score: 🔴 High (7.5/10) – Advanced persistent threat style capabilities, targeted operations, destructive behaviours, and potential state alignment Last Threat

Fog Ransomware Returns with Expanded Toolset and Enterprise Focus

Fog Ransomware Returns with Expanded Toolset and Enterprise Focus

Threat Group: Unknown (Closed group suspected) Threat Type: Ransomware with espionage-like capabilities Exploited Vulnerabilities: SonicWall VPN (CVE-2024-40766), Veeam RCE (CVE-2024-40711), possible Exchange vulnerabilities Malware Used: Fog Ransomware, Syteca (Ekran) client, Adaptix Beacon, GC2, Stowaway, 7-Zip, MegaSync Threat Score: 🔴 High (8.0/10) – Due to advanced persistence techniques, espionage-style data theft,

Threat Actor Azote Group Expands Nitrogen Ransomware Campaign Targeting IT and Finance

Threat Actor Azote Group Expands Nitrogen Ransomware Campaign Targeting IT and Finance

Threat Group: Azote Group / UNC4696 Threat Type: Ransomware (Double Extortion), Initial Access Broker Exploited Vulnerabilities: Malvertising, DLL Sideloading, Vulnerable Drivers, Social Engineering Malware Used: NitrogenLoader, NitrogenInstaller, NitrogenStager, Sliver, Cobalt Strike, BlackCat/ALPHV, KeeLoader Threat Score: 🔥 Critical (9.1/10) – Due to its modular, evasive attack chain, and confirmed links to

PE32 Ransomware Operators Leverage RDP and Phishing to Breach Enterprise Systems

PE32 Ransomware Operators Leverage RDP and Phishing to Breach Enterprise Systems

Threat Group: - Dmc Threat Type: - Ransomware Exploited Vulnerabilities: - None identified (Phishing and RDP compromise suspected) Malware Used: - PE32 Ransomware Threat Score: - 🔴 High (7.5/10) – Due to Telegram-based C2, data exfiltration, and rapid file encryption Last Threat Observation: - 23 April 2025 Overview PE32 ransomware

MedusaLocker Variant ETHAN Deploys Stronger Encryption and Data Theft

MedusaLocker Variant ETHAN Deploys Stronger Encryption and Data Theft

Threat Group: MedusaLocker Threat Type: Ransomware Exploited Vulnerabilities: No specific vulnerabilities identified; relies on common malware distribution methods Malware Used: ETHAN Ransomware (variant of MedusaLocker) Threat Score: High (9.0/10) – Due to its double-extortion tactics, data encryption capabilities, and impact on critical business operations. Last Threat Observation: March 02,

The New Ransomware Menace Vgod Gains Momentum

The New Ransomware Menace Vgod Gains Momentum

Threat Group – Vgod Crew Threat Type – Ransomware Exploited Vulnerabilities – Unpatched remote code execution flaws, vulnerabilities in VPNs, weak passwords Malware Used – Vgod Ransomware, Custom Trojanized Toolsets Threat Score – High (8.7 out of 10) – Reflecting advanced encryption, double extortion tactics, cross-platform targeting, and alignment with broader ransomware trends Last Threat

Interlock Ransomware Targets FreeBSD and Critical Infrastructure

Interlock Ransomware Targets FreeBSD and Critical Infrastructure

Threat Group: Interlock Threat Type: Ransomware Exploited Vulnerabilities: Network vulnerabilities; FreeBSD and VMware ESXi environments Malware Used: Interlock ransomware variants for FreeBSD and Windows Threat Score: High (8.0/10) — due to cross-platform targeting, focus on critical infrastructure, and double-extortion tactics Last Threat Observation: November 2024 Overview Interlock ransomware is