date 2025-07-08
Global intrusions launched by novel Bert ransomware gang
Healthcare, technology, and event services organizations in the U.S., Asia, and Europe have had their Windows and Linux systems targeted by the newly emergent Bert ransomware operation, reports The Record, a news site by cybersecurity firm Recorded Future.
After gaining initial access to targeted systems through still-unknown means, the attackers deploy a PowerShell script that deactivates antivirus software so that the ransomware can be delivered and executed covertly, an analysis from Trend Micro revealed. Attackers are already developing numerous other variants of the Bert ransomware and are believed to be linked to Russia because they use the country's infrastructure for attacks, while further analysis of the ransomware has noted possible origins in REvil's Linux variant. These findings come after members of the REvil ransomware gang, which was disrupted four years ago, were freed by a Russian court due to time already served, following their convictions for carding fraud and trafficking in stolen payment data.
