Threat Intelligence
Actionable insights to stay ahead of evolving cyber threats.
Medusa Ransomware
Medusa is a configurable ransomware toolkit that operators tune at runtime—from surgical strikes to full network outages—using flags to control scope, visibility, and cleanup. Defenders should hunt precursors (mass service stops, odd command-line flags, rare API cal…
SafePay Ransomware
SafePay, active since late 2024, is a quiet but fast-moving in-house ransomware group that uses VPN/RDP and stolen credentials to exfiltrate data and rapidly encrypt high-value targets; defenders should watch for unusual remote logins, privilege escalation, and shadow-c…
DragonForce Ransomware
DragonForce has evolved from hacktivists into a professional double-extortion ransomware operation. This post gives a hands-on technical breakdown—encryption scheme (ChaCha + appended footer), loader/evasion tactics, kernel driver abuse, exfiltration capabilities, MIT…
Bert Ransomware
Bert ransomware is brutally efficient and deceptively simple. Unlike advanced families packed with obfuscation, Bert relies on speed, multithreaded AES encryption, and ruthless process termination to cripple Windows and Linux systems. This post examines its use of Power…