The “new” VECT 2.0 ransomware is essentially a cross‑platform data wiper that permanently destroys most enterprise files rather than encrypting them for recovery. For any file larger than 131,072 bytes (128 KB), VECT processes four separate chunks usin…

Vect 2.0 Ransomware‑as‑a‑Service (RaaS) operation is rapidly evolving into a multi‑platform threat that can encrypt Windows, Linux, and VMware ESXi environments across modern hybrid infrastructures. The group runs a classic affiliate model, renting out…

Ransomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now us…

A newly analyzed ransomware campaign dubbed “JanaWare” is targeting users in Turkey by leveraging a customized version of the Adwind Remote Access Trojan (RAT). The campaign combines stealthy delivery techniques, geographic restrictions, and polymorphi…

Attackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulat…

Payouts King is emerging as a technically sophisticated ransomware operation believed to be run by former BlackBasta affiliates, reusing their social‑engineering playbook while introducing hardened obfuscation and encryption routines. The group focuses…

A new ransomware campaign dubbed “JanaWare”, leveraging a customized variant of the Adwind remote access Trojan (RAT) to target users in Turkey. The malware exhibits polymorphic behavior, advanced obfuscation, and strict geofencing controls to restrict…