BERT Ransomware Group Targets Asia and Europe on Multiple Platforms

July 13, 2025, 9:39 a.m.

Description

A newly emerged ransomware group called BERT has been targeting organizations across Asia and Europe since April. The group employs simple code with effective execution, impacting sectors such as healthcare, technology, and event services. BERT's ransomware operates on both Windows and Linux platforms, using PowerShell-based loaders, privilege escalation, and concurrent file encryption. On Linux systems, it can support up to 50 threads for fast encryption and forcibly shut down ESXi virtual machines. The group's tactics include disabling security features, terminating specific processes, and using standard encryption algorithms. BERT's variants have evolved, streamlining their encryption process and expanding their targeting activities. The Linux variant shows similarities to the REvil ransomware, suggesting possible code reuse.

Date

  • Created: July 7, 2025, 11:58 a.m.
  • Published: July 7, 2025, 11:58 a.m.
  • Modified: July 13, 2025, 9:39 a.m.

Indicators

  • bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4
  • 75fa5b506d095015046248cf6d2ec1c48111931b4584a040ceca57447e9b9d71
  • 1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
  • 70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4
  • c7efe9b84b8f48b71248d40143e759e6fc9c6b7177224eb69e0816cc2db393db
  • b2f601ca68551c0669631fd5427e6992926ce164f8b3a25ae969c7f6c6ce8e4f
  • 8478d5f5a33850457abc89a99718fc871b80a8fb0f5b509ac1102f441189a311
  • 185.100.157.74
  • http://185.100.157.74/payload.exe
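The indicators above are only useful once they are checked against an environment. The following is an added defender-side example, not part of this record or the group's own tooling: a small Python sweep that hashes files under a directory and matches them against the SHA-256 indicators listed here, and scans proxy or firewall log lines for the listed IP address and payload URL. The log lines embedded in the block are constructed samples, and their field layout (`src=`, `dst=`, `url=`) is an assumption, not a real product format.

```python
import hashlib
from pathlib import Path

# SHA-256 file indicators published in this record.
BERT_SHA256 = {
    "bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4",
    "75fa5b506d095015046248cf6d2ec1c48111931b4584a040ceca57447e9b9d71",
    "1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326",
    "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4",
    "c7efe9b84b8f48b71248d40143e759e6fc9c6b7177224eb69e0816cc2db393db",
    "b2f601ca68551c0669631fd5427e6992926ce164f8b3a25ae969c7f6c6ce8e4f",
    "8478d5f5a33850457abc89a99718fc871b80a8fb0f5b509ac1102f441189a311",
}

# Network indicators published in this record (IP and payload URL).
BERT_NETWORK = {"185.100.157.74", "http://185.100.157.74/payload.exe"}

# Constructed sample proxy log (hypothetical format, RFC 5737 addresses for
# benign traffic). Lines 2 and 4 reference the published indicators.
SAMPLE_PROXY_LOG = [
    "2025-07-01T10:02:11Z src=10.0.0.15 dst=203.0.113.10 url=http://203.0.113.10/ action=allow",
    "2025-07-01T10:02:40Z src=10.0.0.15 dst=185.100.157.74 url=http://185.100.157.74/payload.exe action=allow",
    "2025-07-01T10:03:02Z src=10.0.0.22 dst=10.0.0.1 url=- action=allow",
    "2025-07-01T10:05:19Z src=10.0.0.15 dst=185.100.157.74 url=- action=allow",
]


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_hashes(hashes):
    """Return the subset of the given hex digests that are published indicators.

    Input is normalised to lowercase so EDR exports with uppercase hashes match.
    """
    return {h.strip().lower() for h in hashes} & BERT_SHA256


def scan_directory(root):
    """Hash every regular file under root; return {path: digest} for indicator hits."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = sha256_file(path)
            if digest in BERT_SHA256:
                hits[str(path)] = digest
    return hits


def match_network_logs(lines):
    """Return (line_number, indicator) for each line mentioning a network indicator.

    Longer indicators are tried first so a line containing the full URL is
    reported as the URL rather than only as the bare IP.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        for ioc in sorted(BERT_NETWORK, key=len, reverse=True):
            if ioc in line:
                hits.append((number, ioc))
                break
    return hits


if __name__ == "__main__":
    for number, ioc in match_network_logs(SAMPLE_PROXY_LOG):
        print(f"log line {number}: matched indicator {ioc}")
```

Running the block scans only the embedded sample log; point `scan_directory()` at a download or temp folder to sweep real files. The hash match is exact, so it will not catch recompiled variants, which is why the record's behavioural notes (PowerShell loaders, mass process termination, ESXi VM shutdown) should also be turned into detections rather than relying on these hashes alone.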

Attack Patterns

Additional Information

  • Technology
  • Healthcare