BERT Ransomware Group Targets Asia and Europe on Multiple Platforms

Key Takeaways

BERT (tracked by Trend Micro as Water Pombero) is a newly emerged ransomware group targeting both Windows and Linux platforms, with confirmed victims in Asia, Europe, and the US, particularly across healthcare, technology, and event services sectors.

The group’s tactics include PowerShell-based loaders, privilege escalation, and concurrent file encryption, which allow streamlined attack execution and evasion despite the group’s reliance on a simple codebase.

On Linux systems, BERT’s ransomware variant supports up to 50 threads for fast encryption and can forcibly shut down ESXi virtual machines to maximize impact and disrupt recovery efforts.

Trend Vision One™ detects and blocks the indicators of compromise (IOCs) related to BERT. Trend Vision One customers can also access hunting queries, threat insights, and threat intelligence reports to gain rich context and the latest updates on BERT.

To read the complete article see:

Complete Article

This post is licensed under CC BY 4.0 by the author.