BeforeCrypt Blog
Latest posts
The Emergence of the Crimson Collective Ransomware
Crimson Collective is a newly identified ransomware-related cyber threat group that surfaced around September 2025. While often associated with ransomware-style extortion, the group primarily focuses on large-scale data exfiltration and leverage-based attacks rather than traditional file encryption. Their operations have drawn significant attention following claims of a major breach involving Red Hat, where they allegedly […]
27.03.2025
The Emergence of the Insomnia Ransomware
Insomnia is a newly identified cyber threat operation that surfaced around October 2025, initially appearing as a ransomware-related threat actor, but quickly distinguishing itself through a fundamentally different approach. Unlike traditional ransomware groups, Insomnia does not rely on file encryption or the use of a ransomware file extension. Instead, it focuses exclusively on large-scale data exfiltration and […]
27.03.2025
The Emergence of the Tengu Ransomware
Tengu is a modern ransomware variant that surfaced around October 2025 and has quickly established itself as an active cyber threat across multiple regions. Operating as a Ransomware-as-a-Service (RaaS) model, Tengu enables affiliates to carry out attacks using shared infrastructure and tooling. Once deployed, the malware encrypts victim data and appends the ransomware file extension “.tengu” to affected files, […]
27.03.2025
News Week: March 9th to March 15th, 2026
ClickFix Variant Abuses Windows Terminal to Bypass Security Controls
A newly observed ClickFix variant demonstrates how attackers continue refining social engineering techniques to evade detection and increase success rates. Instead of using the traditional Run dialog, victims are instructed to launch Windows Terminal, creating a more trusted environment for executing malicious commands. Once executed, the […]
27.03.2025
News Week: March 2nd to March 8th, 2026
AI-Driven Ransomware Undermines Traditional Backup Strategies
Emerging ransomware threats powered by artificial intelligence are redefining how attackers compromise enterprise environments, with a growing focus on backup systems as primary targets. Instead of immediate encryption, modern attacks rely on stealth, embedding themselves within networks for extended periods to map infrastructure, harvest credentials, and identify recovery mechanisms. […]
27.03.2025
News Week: February 23rd to March 1st, 2026
Wormable Cryptojacking Campaign Combines BYOVD Exploits with Stealthy Propagation Techniques
A newly uncovered campaign demonstrates how modern cryptojacking operations are evolving through advanced evasion and persistence mechanisms. Centered around a customized XMRig miner, the attack spreads via pirated software bundles and USB devices, enabling worm-like propagation across systems. At its core is a multi-functional controller that manages […]
27.03.2025
News Week: February 16th to February 22nd, 2026
Advanced macOS ClickFix Variant Introduces Multi-Layered Stealer Techniques
The evolving ClickFix campaign now targets macOS systems with a refined variant known as Matryoshka, leveraging layered obfuscation and in-memory execution to evade detection. Victims are redirected via typosquatting domains into fake support pages, where they are tricked into running malicious Terminal commands. This user-driven action bypasses […]
27.03.2025
News Week: February 9th to February 15th, 2026
Cephalus Highlights the Continued Risk of RDP-Driven Ransomware Intrusions
Cephalus has surfaced as a notable ransomware threat, illustrating how attackers continue to exploit exposed Remote Desktop Protocol (RDP) services as an initial access vector. Written in Go, the malware reflects the increasing adoption of cross-platform, efficiently compiled tooling by financially motivated groups. Researchers describe Cephalus […]
27.03.2025
News Week: February 2nd to February 8th, 2026
ShadowHS Signals a New Class of Fileless Linux Threats
Security researchers have uncovered ShadowHS, a stealth-focused Linux malware framework that operates entirely in memory, avoiding traditional disk-based detection. Instead of dropping executable files, the threat executes via anonymous file descriptors and disguises itself by spoofing legitimate process names. The infection chain relies on a heavily […]
27.03.2025
News Week: January 26th to February 1st, 2026
Why Perfect Ransomware Prevention Is Unrealistic
Expecting security vendors to block every ransomware attack ignores a core reality of cybersecurity: protection depends on detection, and detection is never flawless. Defensive tools classify activity as either legitimate or malicious based largely on historical patterns. Attackers exploit this by constantly altering payloads, behaviors, and delivery techniques, making […]
27.03.2025
The Emergence of the Osiris Ransomware
Osiris is a newly identified ransomware variant that surfaced in late 2025 following a targeted attack against a large food service operator in Southeast Asia. Unlike the older malware that shared the same name in 2016, this Osiris ransomware is a completely new strain, built and deployed by experienced threat actors. The malware combines advanced encryption with […]
27.03.2025
News Week: January 19th to January 25th, 2026
Spear-phishing via advertising infrastructure
A recently uncovered spear-phishing operation demonstrates how attackers are abusing online advertising mechanisms to deliver advanced malware. In this campaign, known as Operation Poseidon, carefully crafted phishing emails redirect victims through legitimate Google Ads tracking domains before leading them to compromised websites hosting malicious payloads. By hiding harmful destinations inside trusted […]
27.03.2025
The Emergence of the DeadLock Ransomware
First identified in July 2025, DeadLock is a newly discovered ransomware variant that has remained largely under the radar due to its lack of public affiliate programs and the absence of a known data leak site. Despite its low exposure so far, DeadLock represents a serious threat because it combines traditional file encryption with innovative infrastructure techniques. […]
27.03.2025
News Week: January 12th to January 18th, 2026
Unbounded Filename Handling Exposes Memory Corruption Risk
A newly identified vulnerability highlights a serious weakness in how the untgz utility within zlib handles user input. In affected builds, a specially crafted command-line argument can trigger a global buffer overflow before any archive content is even processed. The issue originates from copying an archive name directly […]
27.03.2025
BeaverTail Malware Threat Overview
BeaverTail is a JavaScript-based malware family primarily distributed through malicious or trojanized NPM packages. Active since at least 2022 and still evolving, BeaverTail is designed to steal sensitive information and act as a loader for additional malware stages, most notably a Python-based backdoor known as InvisibleFerret. Recent research has linked newer BeaverTail variants to North […]
27.03.2025
DocSwap Android Malware Threat Overview
DocSwap is a newly uncovered Android malware strain attributed to the North Korea–linked threat actor Kimsuky. First reported in December 2025, the malware is distributed through QR-code phishing campaigns that impersonate legitimate logistics and customs notifications, particularly those associated with the South Korean delivery company CJ Logistics. Unlike ransomware, DocSwap does not encrypt files or […]
27.03.2025