BERT RANSOMWARE - THE RAVEN FILE

· Published 20/06/2025 19:25 · Modified 23/06/2025 23:21

Essential information

Published: 20/06/2025 19:25
Modified: 23/06/2025 23:21
Tags: 2025-06-20, bert ransomware, dark web, encryption, linux, phishing, powershell, ransomware, revil, sodinokibi, windows
Related entities: 11 observables, 1 intrusion sets (apt), 8 others

Description

, active since March 2025, has expanded its operations to target both and environments. The group uses for initial access and communicates via the and Sessions for negotiations. Victims span multiple countries, primarily affecting service and manufacturing sectors. The variant employs multiple file extensions and RSA , while the version shares code with / . A weaponized script is used to disable security features before payload execution. The 's infrastructure is linked to a Russian firm, suggesting potential ties to the region.

External references