RansomLookNew post from #Lamashtu : Shanpoornam Metals
More at : https://www.ransomlook.io/group/Lamashtu #Ransomware
More at : https://www.ransomlook.io/group/Lamashtu #Ransomware
ransomNewsπ¨ nuova rivendicazione #ransomware Italia π¨
π΄ββ οΈ gruppo #TheGentlemen
𧬠Fonderia Corrà S.P.A. | Thiene (VI)
π― settore: industria metallurgica
π fonderiacorra.com
ποΈ 29 maggio 2026
π sample: -
βͺοΈ dati esfiltrati dichiarati: -
βͺοΈ dati esfiltrati pubblicati: -
β²οΈ scadenza: 07 giugno 2026
#ransomNews
π¨ nuova rivendicazione #ransomware Italia π¨
π΄ββ οΈ gruppo #Nova
𧬠Bencini Giulio Casa Safer | Firenze
π― settore: turismo e accoglienza
π casasafer.it
ποΈ 28 maggio 2026
π sample: -
βͺοΈ dati esfiltrati dichiarati: -
βͺοΈ dati esfiltrati pubblicati: -
β²οΈ scadenza: 10 giugno 2026
#ransomNews #cyberthreats
π¨ nuova rivendicazione #ransomware Italia π¨
π΄ββ οΈ gruppo #DragonForce
𧬠Pieralisi MAIP S.P.A. | Jesi (AN)
π― settore: industria meccanica
π pieralisi.com
ποΈ 27 maggio 2026
π sample: -
βͺοΈ dati esfiltrati dichiarati: 1.31GB
βͺοΈ dati esfiltrati pubblicati: --
β²οΈ scadenza: 06 giugno 2026
#ransomNews
RedPacket Security[AILOCK] - Ransomware Victim: Restorative Therapies, Inc[.] - https://www.redpacketsecurity.com/ailock-ransomware-victim-restorative-therapies-inc/
#ailock #dark_web #data_breach #OSINT #ransomware #threatintel #tor
OTX BotThe Gentlemen ransomware: Dissecting a self-propagating Go encryptor
The Gentlemen is a ransomware-as-a-service operation tracked as Storm-2697, distinguished by combining robust per-file encryption using Curve25519 with XChaCha20 stream cipher alongside aggressive self-propagation capabilities designed for broad network compromise. Emerging in mid-2025 and transitioning to RaaS by September 2025, the operation recently partnered with BreachForums to recruit affiliates including penetration testers and initial access brokers. Written in Go and obfuscated with Garble, the ransomware employs double extortion tactics, encrypting data while exfiltrating sensitive information. It utilizes 21 distinct lateral movement techniques per target host, including PsExec, WMI, scheduled tasks, services, and PowerShell remoting. The malware disables defenses, deletes shadow copies and forensic artifacts, and can optionally wipe free disk space to prevent recovery, impacting organizations globally across education, transportation, healthcare, and finance sectors.
Pulse ID: 6a189defc88ad66cd0a9d87d
Pulse Link: https://otx.alienvault.com/pulse/6a189defc88ad66cd0a9d87d
Pulse Author: AlienVault
Created: 2026-05-28 19:56:31
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#ChaCha20 #CyberSecurity #ELF #Education #Encryption #Extortion #Healthcare #ICS #InfoSec #Malware #OTX #OpenThreatExchange #PowerShell #PsExec #RAT #RaaS #RansomWare #RansomwareAsAService #bot #AlienVault
CTI.FYIπ¨New ransom group blog post!π¨
Group name: AiLock
Post title: Restorative Therapies, Inc.
Info: https://cti.fyi/groups/AiLock.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
The Gentlemen ransomware: Dissecting a self-propagating Go encryptor - https://www.redpacketsecurity.com/the-gentlemen-ransomware-dissecting-a-self-propagating-go-encryptor/
#threatintel
#ransomware
#cybersecurity
#Go
#lateral-movement
#encryption
New post from #Ailock : Restorative Therapies, Inc.
More at : https://www.ransomlook.io/group/Ailock #Ransomware
More at : https://www.ransomlook.io/group/Ailock #Ransomware
New post from #Shinyhunters : Bcd Travel
More at : https://www.ransomlook.io/group/Shinyhunters #Ransomware
More at : https://www.ransomlook.io/group/Shinyhunters #Ransomware
