Bleeping Computer

New version of the CryptoMix Ransomware Using the Wallet Extension

A new CryptoMix, or CryptFile2, variant was released that is now using the .[payment_email].ID[VICTIM_16_CHAR_ID].WALLET extension for encrypted files. This is very annoying as it makes it more ...

Windows shortcut files targeted by ransomware gang Global Group

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in ...
Bleeping Computer

Locky Ransomware Switches to the Asasin Extension via Broken Spam Campaigns

Today a new Locky Ransomware variant was released that now uses the .asasin extension for encrypted files. Personally, I thought the previous extension, ykcol, was more clever, while this one ...
Infosecurity Magazine

Phorpiex Phishing Delivers Low-Noise Global Group Ransomware

A high-volume phishing campaign delivering the long-running Phorpiex malware has been observed using emails with the subject line "Your Document," a lure widely seen throughout 2024 and 2025. The ...
CSO Online

Windows shortcut weaponized in Phorpiex-linked ransomware campaign

Researchers revealed a Phorpiex-distributed phishing campaign using malicious LNK files to deploy Global Group ransomware ...
Dark Reading

Attacker Mistake Botches Cyborg Ransomware Campaign

These are the two subject lines of fraudulent emails disguised to appear as Windows Update notifications while containing malicious attachments to infect targets with Cyborg ransomware. While the ...