Ransomware

ransomware 2026-04-23
Kyber Ransomware: First Production PQC Deployment — Rust Windows Variant, ESXi Variant, Same Affiliate
Rapid7 recovered two Kyber variants from a single incident: a Rust-based Windows encryptor that actually implements Kyber1024 + X25519 + AES-CTR, and an ESXi encryptor whose 'post-quantum' claim is just ChaCha8 under RSA-4096. Same campaign ID, same Tor infrastructure, same affiliate.
ransomware kyber post-quantum esxi hyper-v rust-malware chacha8 kyber1024 x25519 rapid7
ransomware 2026-04-18
Payouts King Runs Hidden QEMU VMs to Bypass EDR — STAC4713 and CitrixBleed 2 Campaigns
Sophos tracks two Payouts King campaigns running Alpine Linux inside QEMU on Windows hosts to tunnel reverse SSH and evade endpoint security. STAC3725 chains in CitrixBleed 2 (CVE-2025-5777) against NetScaler.
ransomware payouts-king qemu gold-encounter citrixbleed stac4713 stac3725 netscaler edr-evasion black-basta
Ransomware 2026-04-13
Anubis Ransomware Gang Claims 2TB Exfiltration from Signature Healthcare as Brockton Hospital Diverts Ambulances
Anubis RaaS group claims theft of 2TB of patient data from Signature Healthcare while Brockton Hospital diverts ambulances, cancels chemo, and operates on paper charts a week after the attack.
ransomware healthcare anubis data-breach incident-response

Kyber Ransomware: First Production PQC Deployment — Rust Windows Variant, ESXi Variant, Same Affiliate