Friday, May 2, 2025
Homecyber securityUnderground Ransomware Continues to Attack Industries Of Various Sizes

Underground Ransomware Continues to Attack Industries Of Various Sizes

Published on

SIEM as a Service

Follow Us on Google News

Over the past year, the ransomware actor known as “Underground” has been less active than other groups, yet they remain a threat in the cybersecurity landscape.

Despite their reduced activity, Underground continues to target industries of various sizes, causing substantial disruptions and financial losses.

Lengthy Ransom Notes and Exfiltrated Data

According to Broadway reports, Underground is notorious for generating a lengthy ransom note, typically named! Unable to render embedded object: File (READ_ME) not found.!.txt. This note contains detailed information about the data that has been infiltrated.

- Advertisement - Google News

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs:Try Free Demo 

Victims are provided with an ID and a password, which they must use to connect with the ransomware group through a website on the TOR network.

Associated malicious indicators are blocked and detected by existing policies within VMware Carbon Black products.

The recommended policy is to block all types of malware (Known, Suspect, and PUP) from executing and delay execution for cloud scans to maximize the benefits of VMware Carbon Black Cloud reputation service.

While Underground may not be as active as other ransomware groups, their continued presence and ability to target various industries make them a persistent threat.

Organizations must remain vigilant and employ comprehensive cybersecurity measures to protect against sophisticated attacks.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Sign up for free



Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a...

Disney Hacker Admits Guilt After Stealing 1.1TB of Internal Data

A 25-year-old man from Santa Clarita, California, has agreed to plead guilty to hacking...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a...