In early July 2026, security firm Sysdig publicly disclosed a new type of ransomware attack. After gaining initial access by exploiting a Langflow vulnerability (CVE-2025-3248), the JadePuffer ransomware leveraged a Large Language Model (LLM) agent to automatically execute the entire attack chain. From reconnaissance, credential theft, lateral movement, and privilege...
Tag: Ransomware
ESXiArgs Ransomware Attack Event Analysis
The French Computer Emergency Response Team (CERT-FR) warned that [1] an attacker exploited a two-year-old remote code execution vulnerability in VMware ESXi server to deploy new ESXiArgs ransomware. The security vulnerability number is CVE-2021-21974 [2] and it is caused by a heap overflow vulnerability in the OpenSLP service. Unauthenticated attackers...
Highlights of 2021 Security Emergency Incident Observations
Intro The world of cybersecurity is rapidly changing and technologies continue to evolve and innovate. While emerging technologies on big data, Internet of Things, artificial intelligence, mobile payment, just name a few, are helping digital transformation, new security risks expose constantly. Security incidents handled by NSFOCUS emergency response team in...
The New Trend of Ransomware: Triple Extortion
Threat actors who specialize in ransomware are always using Double Extortion Tactics in which they not only encrypt the victim’s data but also threaten to leak sensitive data publicly unless the ransom is paid. Double Extortion Tactics first started appearing in late 2019, becoming an increasingly common trend through 2020....
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 2
2. Encrypter: DP_Main 2.2 Self Copy and Automatic Running at Startup The program copies itself to %APPDATA%/DP/DP_Main.exe, and modifies the registry for automatic running at startup. 2.3 Deletion of Volume Shadow Backups The program uses CMD command parameters to delete volume shadow backups. 2.4 Upload of Encryption Information After obtaining...
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 1
Event Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that the source code of the Paradise ransomware was leaked. Since data encrypted by Paradise cannot be decrypted now, the source code, if widely spread over the Internet, may cause a lot of trouble. Paradise had its source code leaked on...



