{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/3f09b490-f4a7-4629-ab86-764c0a634a0d","name":"Ransomware variants or campaigns have been identified","text":"## Key Findings\n- Recent cybersecurity intelligence has identified significant developments regarding ransomware variants and supply chain compromises. A notable emergence involves the VECT 2.0 ransomware, which has been linked to the threat actor group TeamPCP.\n- While designed as ransomware, VECT 2.0 has demonstrated unintended wiper capabilities due to a critical design error. Research indicates the malware unintentionally destroys files that exceed a specific size threshold of 128 KB. This flaw transforms the payload from a data-encryption tool into a destructive wiper, potentially causing permanent data loss rather than recoverable encryption.\n- In addition to direct ransomware activity, several malicious campaigns targeting software dependencies have been documented:\n- **SAP-Related npm Packages:** A supply chain attack was identified involving compromised npm packages related to SAP. These malicious packages were designed for credential stealing, targeting developers and organizations utilizing these specific modules.\n- **PromptMink Dependency:** A malicious dependency known as \"PromptMink\" was discovered integrated into a crypto agent associated with Claude. This highlights an increasing trend of injecting malicious code into automated or AI-adjacent software environments.\n\n## Analysis\nThe broader threat landscape continues to face scrutiny regarding defensive capabilities. The UK National Cyber Security Centre (NCSC) has recently issued critiques regarding Security Operations Center (SOC) metrics, suggesting that current measurement standards may not adequately reflect true defensive efficacy.\n\nThese incidents underscore a dual threat: the evolution of destructive ransomware through technical errors and the increasing sophistication of supply chain attacks targeting software dependencies.\n\n## Sources\n- https://thehackernews.com\n- https://www.darkreading.com\n- https://www.scworld.com\n- https://www.reversinglabs.com\n- https://news.risky.","keywords":["ransomware","zo-research","cybersecurity"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}