• New Gold Salem ransomware could be the most worrying new strain w

    From TechnologyDaily@1337:1/100 to All on Fri Sep 19 15:00:10 2025
    New Gold Salem ransomware could be the most worrying new strain we've seen
    for a while

    Date:
    Fri, 19 Sep 2025 13:53:33 +0000

    Description:
    A new ransomware group has amassed more than 60 victims in just a few months.

    FULL STORY
    ======================================================================
    - Warlock ransomware group compromised over 60 victims since emerging in March 2025
    - Sophos highlights advanced tactics including SharePoint exploits, tunneling, and credential theft
    - Group claims to have sold stolen data from 45% of victims to private buyers

    Security researchers have warned of a new ransomware operation that is quickly making a name for itself.

    Sophos has detailed the work of a group that calls itself Warlock. Different analysts have given the group different names: Sophos tracks it as Gold Salem, and Microsoft as Storm-2603.

    Sophos says it could be the most worrying new strain that's emerged in a
    while, as the group has compromised more than 60 victims since March 2025, when it was first observed.

    Is Warlock a Chinese player?

    It's not just the number of victims that's worrying here. The group's operations reflect both competence and boldness because, in mere months, they managed to exploit SharePoint vulnerabilities with a custom ToolShell chain, abuse legitimate tools such as Velociraptor for covert tunneling, deploy Mimikatz for credential theft, use PsExec/Impacket for lateral movement, and use GPOs to deploy ransomware payloads.

    They've also managed to solicit exploits and access from underground forums despite having no prior public footprint.

    Attribution is proving rather tricky, though. Microsoft refers to Warlock as
    a China-based actor, but Sophos argues the evidence is inconclusive. Still, the group was observed targeting all sorts of organizations, from all sorts
    of countries and verticals, yet they've skillfully avoided targeting Russian and Chinese organizations.

    There is an outlier, though - a single Russian entity was recently added to the group's data leak site. For Sophos, this information suggests the group operates outside Russia's jurisdiction or sphere of influence.

    Still, out of the 60+ victims the group added to its site, it claims to have sold data stolen from 27 to private buyers (approximately 45%).

    What's notable here is that only 32% of victims had their data publicly
    leaked, which suggests that the rest may have paid or had their data sold privately.

    Sophos also stresses that the 45% claim may be inflated, or outright fabricated, as ransomware groups often exaggerate their impact to boost credibility and instill fear.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/new-gold-salem-ransomware-could-be-the-most-worrying-new-strain-weve-seen-for-a-while


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)