BERT is a financially motivated ransomware group that first emerged in April 2025, deploying multi-platform ransomware variants compatible with both Windows and Linux systems, including those targeting ESXi virtual machines. The group is distinguished by its blend of a simple codebase with efficient attack execution, allowing for streamlined operations and evasion despite its less complex malware. Assessed with moderate confidence to be of Russian origin due to observed infrastructure, BERT does not utilize a structured negotiation portal, instead conducting victim communications via privacy-focused messaging channels and exclusively demanding Bitcoin payments. The group also utilizes customized ransomware builds rather than readily available malware.

Sectores atacados

URLs nuevas detectadas en IntelTracker