In this week’s roundup, we explore Britain’s continued struggle to contain an expanding ransomware crisis, the emergence of Qilin’s hybrid Linux and BYOVD exploits reshaping attack complexity, a 28% spike in global ransomware incidents after months of decline, Gunra’s sophisticated dual-encryption campaigns targeting Windows and Linux systems, and new victims uncovered from the rapidly evolving LockBit 5.0 operation—highlighting how threat actors are refining tactics faster than most defenses can adapt. Read on!
Why Britain is Struggling to Stop the Ransomware Cyberattacks
Recent analysis highlights Britain’s escalating ransomware challenge—illustrated by the £1.9 billion impact of the Jaguar Land Rover breach and a 50% rise in “highly significant” incidents—caused by an attack surface built on complex, insecure internet-enabled systems, widespread social engineering, and the proliferation of ransomware-as-a-service.
"The LockBit ransomware gang has evolved into a full-platform threat, with its latest variant supporting Windows, Linux, and VMware ESXi. This means attackers can breach a Windows system, then pivot laterally to encrypt virtual infrastructure. Organizations need proactive security—including runtime protection across all operating systems, strong segmentation, and resilient backup strategies—to stay ahead of these cross-platform attacks."
On New LockBit Ransomware Victims Identified by Security Researchers
"The drastic rise in ransomware attacks over recent months is not at all surprising. Ransomware attacks have been increasingly popular moneymakers for threat actors over recent years. North America and Europe as the focuses of such attacks is interesting and may be somewhat telling as to the national origins and/or motivations of many such threat actors. Current legal systems and international law enforcement practices struggle to keep up. Bringing cybercriminals to justice has always been difficult but is increasingly difficult when the criminals reside in countries which may be less than friendly with North American and European nations. There's never been a more crucial time to ensure you have an incident response plan and every sensible protection."
On Ransomware Attacks Jumped 28% in September
Qilin Ransomware Combines Linux Payload with BYOVD Exploit in Hybrid Attack
A sophisticated ransomware-as-a-service operation known as Qilin (also called Agenda) has evolved into hybrid attacks that combine Linux-based payloads and Bring Your Own Vulnerable Driver (BYOVD) exploits to successfully infiltrate both Windows and client environments while targeting remote monitoring and management tools, backup systems, and virtualization infrastructures.
Ransomware Attacks Jumped 28% in September
Ransomware attacks surged 28% in September, totaling 421 global incidents—the first monthly rise in six months—driven by the resurgence of major threat groups like LockBit and Play, and the growing adoption of ransomware-as-a-service (RaaS) models that are rapidly spreading across manufacturing, healthcare, education, and government sectors, signaling an alarming trend toward more coordinated, financially motivated, and infrastructure-disruptive campaigns worldwide.
Gunra Ransomware Targeting Windows and Linux Systems Through Two Encryption Techniques
A newly identified ransomware strain called Gunra emerged in April 2025, using advanced double-extortion tactics—encrypting Windows and Linux systems, exfiltrating data, appending “.ENCRT” to files, dropping “R3ADM3.txt” ransom notes, and employing multithreaded encryption with evasion techniques to swiftly compromise organizations across manufacturing, healthcare, real estate, and other sectors.
New LockBit Ransomware Victims Identified by Security Researchers
Security researchers have identified dozens of new victims tied to the LockBit ransomware gang—with nearly half impacted by its latest 5.0 variant—underscoring the group’s growing sophistication, expanded targeting across manufacturing, healthcare, and government sectors, and continued dominance in double-encryption, data exfiltration, and extortion campaigns that reinforce its position as one of the most persistent and adaptive global threat actors.