BERT RANSOMWARE - THE RAVEN FILE

SUMMARY :

BERT Ransomware, active since March 2025, has expanded its operations to target both Windows and Linux environments. The group uses phishing for initial access and communicates via the dark web and Sessions for negotiations. Victims span multiple countries, primarily affecting service and manufacturing sectors. The Windows variant employs multiple file extensions and RSA encryption, while the Linux version shares code with Sodinokibi/REvil ransomware. A weaponized PowerShell script is used to disable security features before payload execution. The ransomware's infrastructure is linked to a Russian firm, suggesting potential ties to the region.

OPENCTI LABELS :

powershell,phishing,ransomware,linux,windows,encryption,revil,sodinokibi,dark web,bert ransomware


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


BERT RANSOMWARE - THE RAVEN FILE