


CYFIRMA’s Sept 2025 Ransomware Report highlights major evolutions across the ransomware landscape. Akira advanced by bypassing MFA on SonicWall VPNs through OTP seed theft, signalling a move beyond patchable flaws. MalTerminal broke new ground with AI-powered, runtime-generated ransomware payloads, while Scattered Spider reemerged to target financial workflows via AI-driven vishing and VMware ESXi exploits. CountLoader reinforced Russia’s ecosystem with modular, multi-language loaders distributing Cobalt Strike, AdaptixC2, and PureHVNC. HybridPetya escalated the threat to firmware-level extortion, exploiting Secure Boot (CVE-2024-7344) and encrypting the MFT at pre-boot for near-irrecoverable persistence.
Link to the Research Report: https://www.cyfirma.com/research/tracking-ransomware-september-2025/
#CyberSecurity #Ransomware #ThreatIntel #ETLM #CYFIRMA #Akira #MalTerminal #ScatteredSpider #CountLoader #HybridPetya #AIThreats #CYFIRMAresearch #ExternalThreatLandscapeManagement #ETLM
https://www.cyfirma.com/
By CYFIRMA