CYFIRMA Research- Tracking Ransomware: September 2025

Update: 2025-10-07

Description

CYFIRMA’s Sept 2025 Ransomware Report highlights major evolutions across the ransomware landscape. Akira advanced by bypassing MFA on SonicWall VPNs through OTP seed theft, signalling a move beyond patchable flaws. MalTerminal broke new ground with AI-powered, runtime-generated ransomware payloads, while Scattered Spider reemerged to target financial workflows via AI-driven vishing and VMware ESXi exploits. CountLoader reinforced Russia’s ecosystem with modular, multi-language loaders distributing Cobalt Strike, AdaptixC2, and PureHVNC. HybridPetya escalated the threat to firmware-level extortion, exploiting Secure Boot (CVE-2024-7344) and encrypting the MFT at pre-boot for near-irrecoverable persistence.

Link to the Research Report: https://www.cyfirma.com/research/tracking-ransomware-september-2025/

#CyberSecurity #Ransomware #ThreatIntel #ETLM #CYFIRMA #Akira #MalTerminal #ScatteredSpider #CountLoader #HybridPetya #AIThreats #CYFIRMAresearch #ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/

Comments

In Channel

CYFIRMA Research- RTO Challan Fraud A Technical Report on APK-Based Financial and Identity Theft

2025-12-1607:17

CYFIRMA Research- Tracking Ransomware – November 2025

2025-12-1205:17

CYFIRMA Research- APT36 Python Based ELF Malware Targeting Indian Government Entities

2025-12-1104:46

CYFIRMA Research: North Korean Cyber Crime as a Statecraft Tool

2025-12-0907:08

CYFIRMA Research: Rising Cybercrime During Black Friday & Cyber Monday- A 2025 Threat Intelligence Report

2025-12-0108:05

CYFIRMA Research: Tycoon 2FA- A Technical Analysis of its Adversary-in-the-Middle Phishing Operation

2025-11-2703:21

CYFIRMA Research- Pig Butchering Scams: Cybercrime Threat Intelligence

2025-11-2107:51

CYFIRMA Research- Regional Stability on Shaky Ground: Cyber Threat Escalation in the Middle East

2025-11-1407:15

CYFIRMA Research- Telemetry Relay: When Diagnostics Turn Against You

2025-11-1106:07

CYFIRMA Research- Tracking Ransomware: October 2025

2025-11-1003:19

CYFIRMA Research: Android/BankBot- YNRK Mobile Banking Trojan

2025-11-0403:50

CYFIRMA Research- GhostGrab Android Malware

2025-11-0305:17

Cyfirma Research- CVE-2025-6541: TP-Link Omada Gateway Remote Command Injection Vulnerability Analysis

2025-10-3104:51

CYFIRMA Research: DPRK Sanctions Violations in Cyber Operations Post-UN Panel Demise

2025-10-1305:49

CYFIRMA Research- Tracking Ransomware: September 2025

2025-10-0704:11

CYFIRMA Research: Yurei Ransomware- The Digital Ghost

2025-10-0606:14

CYFIRMA Research- DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities

2025-09-2203:30

CYFIRMA Research- Defence Industry Threat Report

2025-09-1906:04

CYFIRMA Research: Unmasking a Python Stealer- XillenStealer

2025-09-1706:18

CYFIRMA Research- Digital Frontlines: India Under Multi-Nation Hacktivist Attacks

2025-09-1506:57

00:00

CYFIRMA Research- Tracking Ransomware: September 2025

#box-pro-ellipsis-176596975286033{-webkit-line-clamp:2;}CYFIRMA Research- Tracking Ransomware: September 2025

CYFIRMA Research- Tracking Ransomware: September 2025

CYFIRMA

CYFIRMA Research- Tracking Ransomware: September 2025