Bert

BERT is a newly emerged ransomware group first identified in mid-2025. It targets Windows and Linux platforms across the healthcare, technology, and event services sectors in Asia, Europe, and the US. Its ransomware is derived from a Linux variant of REvil, using AES encryption and multi-threaded file locking.

  • Victims: 7
  • First Discovered: 2025-04-06 (victim)
  • Last Discovered: 2025-06-10 (victim)
  • Inactive Since: 336 days
  • Avg Delay: 2 days
  • Infostealer: 14.3% (victims with domain)
  • Countries: 6 hit

Known Locations (1)
  • Title: BERT
  • Available: No
  • Last Visit: 2026-04-28T07:22:42
  • FQDN: bertblogsoqmm4ow7nqyh5ik7etsmefdbf25stauecytvwy7tkgizhad.onion

Target
Top 5 Activity Sectors
  • Technology: 3
  • Transportation/Logistics: 1
  • Construction: 1
  • Healthcare: 1
  • Business Services: 1
Top 5 Countries
  • United States: 2
  • United Kingdom: 1
  • Colombia: 1
  • Malaysia: 1
  • Taiwan, Province of China: 1

Ransom Notes (1)

YARA Rules (1)

Indicators of Compromise (IoCs) (12)
By type: Hash MD5 (9), IP Address (2), session (1)

Victims (7)
Discovered: 2025-06-10 (11mo ago)
S5 Agency World is a global port agency operating in over 360 ports, specializing in vessel and carg…

Discovered: 2025-06-05 (11mo ago)
Columbia Integração delivers IT solutions in cloud, cybersecurity, and infrastructure to drive digit…

Discovered: 2025-05-22 (11mo ago)
Wawasan Dengkil Sdn Bhd is a Malaysian construction company founded in 2003. It specializes in earth…

Discovered: 2025-05-16 (0y ago)
All Ring Tech is a Taiwanese company producing advanced automation equipment for semiconductors, LED…

Discovered: 2025-04-30 (1y ago)
SIMCO Electronics is a leading provider of calibration and software solutions for technology compani…

Discovered: 2025-04-09 (1y ago)
Modern hospital in Yozgat offering quality care and innovation. Patient health is protected — their …

Discovered: 2025-04-06 (1y ago)  ·  Attack est.: 2025-04-04
National Ticket Company – Tickets and wristbands since 1907.…