BeforeCrypt Blog
Latest posts
BeaverTail Malware Threat Overview
BeaverTail is a JavaScript-based malware family primarily distributed through malicious or trojanized NPM packages. Active since at least 2022 and still evolving, BeaverTail is designed to steal sensitive information and act as a loader for additional malware stages, most notably a Python-based backdoor known as InvisibleFerret. Recent research has linked newer BeaverTail variants to North […]
19.12.2025
DocSwap Android Malware Threat Overview
DocSwap is a newly uncovered Android malware strain attributed to the North Korea–linked threat actor Kimsuky. First reported in December 2025, the malware is distributed through QR-code phishing campaigns that impersonate legitimate logistics and customs notifications, particularly those associated with the South Korean delivery company CJ Logistics. Unlike ransomware, DocSwap does not encrypt files or […]
19.12.2025
The Emergence of the VolkLocker Ransomware
First identified in August 2025, VolkLocker is a newly discovered ransomware variant operated by the pro-Russian hacktivist group CyberVolk (also known as GLORIAMIST). Designed as a ransomware-as-a-service (RaaS) offering, VolkLocker targets both Windows and Linux systems and encrypts files using strong cryptographic routines. Notably, security researchers have uncovered a critical implementation flaw that allows affected victims to […]
18.12.2025
News Week: December 8th to December 14th, 2025
Polish authorities detain suspects over alleged cyber intrusion attempts: Polish law enforcement has detained three Ukrainian nationals suspected of preparing cyber-related offenses involving sensitive systems. The men, aged between 39 and 43, were stopped during a routine check and reportedly raised suspicion due to their behavior and unclear travel explanations. A subsequent vehicle search led […]
15.12.2025
News Week: December 1st to December 7th, 2025
New Oracle-related breach highlights ongoing risks for higher education: The University of Pennsylvania has disclosed another security incident after unauthorized access to files stored in its Oracle E-Business Suite environment was identified. According to breach notifications, attackers exploited a previously unknown vulnerability to obtain documents containing personal identifiers, with at least 1,488 individuals confirmed as […]
08.12.2025
News Week: November 24th to November 30th, 2025
Harvard breach linked to voice-phishing and possible zero-day activity: Harvard University revealed that attackers gained access to its Alumni Affairs and Development systems through a targeted voice-phishing scheme, exposing contact details and engagement records of alumni, donors, staff, and some students. While no passwords, financial data, or Social Security numbers were stored in the affected […]
01.12.2025
News Week: November 17th to November 23rd, 2025
Pennsylvania Attorney General Confirms Major Data Exposure After August Attack: In November 2025, the Pennsylvania Office of the Attorney General officially acknowledged that an August breach led to the theft of sensitive personal and medical information. The intrusion, later claimed by the INC Ransom group, an active RaaS (ransomware-as-a-service) operation, resulted in files containing names, […]
24.11.2025
Sarcoma Ransomware
Originally discovered in 2021, the Sarcoma ransomware variant remains a significant threat today. In particular instances, Sarcoma struck the ABC Business and the XYZ Hospital group, causing substantial disruption and data loss. This ransomware not only encrypts victim data but also steals sensitive information, risking further exposure on leak sites. Category / Details: Ransomware Name: Sarcoma […]
20.11.2025
SafePay Ransomware
SafePay Ransomware, a ransomware variant first discovered in late 2020, presents a substantial threat to businesses and individual users today due to its aggressive encrypting capability and high persistence. There have been several reports of this malware attacking various public and private entities worldwide. For instance, the ransomware was thorough in its onslaught against a […]
20.11.2025
ShinySp1d3r Ransomware
First detected in May 2021, the ShinySp1d3r Ransomware remains a significant threat to this day. Despite its relative newness, it’s already been responsible for two major public incidents, the hospital attack and a cybersecurity firm breach. Information on ShinySp1d3r Ransomware. Category / Details: Ransomware Name(s): ShinySp1d3r Ransomware; First Detected/Reported: May 2021; Targeted Operating Systems: Windows; File […]
20.11.2025
News Week: November 10th to November 16th, 2025
Guilty Plea in U.S. Case Against Yanluowang Access Broker: A Russian national has agreed to plead guilty to acting as an initial access broker for the Yanluowang ransomware operation, providing network entry points to attackers who later launched targeted intrusions across several U.S. companies between 2021 and 2022. FBI investigators uncovered key evidence through server […]
17.11.2025
News Week: November 3rd to November 9th, 2025
Cybersecurity Experts Charged for Involvement in BlackCat Ransomware Attacks: In a striking turn of events, three former cybersecurity professionals from DigitalMint and Sygnia have been charged for their alleged participation in BlackCat ransomware operations. Prosecutors claim the defendants acted as affiliates of the notorious ransomware gang, infiltrating company networks, stealing sensitive data, and deploying encryption […]
12.11.2025
CiphBit Ransomware
CiphBit ransomware, first discovered in 2020, continues to pose a significant risk due to its uncrackable encryption and persistence in victims’ networks. Two notable incidents include the attack on Travelex currency exchange in January 2020 and the crippling of hospital systems in the Universal Health Services network in the U.S. in September 2020. This ransomware […]
09.09.2025
News Week: July 28th to August 3rd, 2025
Remote Code Execution in PaperCut Software Draws Ransomware Gang Interest: A recently patched remote code execution (RCE) flaw in PaperCut NG/MF (CVE-2023-2533) is now actively exploited, prompting CISA to urge immediate action. The bug enables attackers to change security settings or run arbitrary code if an authenticated admin clicks a crafted link, often via cross-site […]
04.08.2025
News Week: July 21st to July 27th, 2025
Over 1,000 CrushFTP Servers Exposed to Zero-Day Exploit and Ransomware Threats: More than 1,000 CrushFTP servers remain vulnerable to a critical zero-day flaw, putting them at risk of hijack attempts and data breaches. The issue, tracked as CVE-2025-54309, stems from improper AS2 validation and affects all versions below 10.8.5 and 11.3.4_23. While a fix has […]
28.07.2025
News Week: July 14th to July 20th, 2025
Interlock Ransomware Leverages FileFix and RDP in New Attack Wave: Interlock ransomware has recently adopted a stealthier attack method known as FileFix to deliver remote access trojans (RATs) onto victims’ systems. This method manipulates Windows elements like File Explorer to trick users into pasting disguised PowerShell commands, which then download malware hosted on platforms like […]
21.07.2025