---
title: "News brief: KillSec, Yurei score successful ransomware attacks"
type: "News"
locale: "zh-HK"
url: "https://longbridge.com/zh-HK/news/258155641.md"
description: "Ransomware groups KillSec and Yurei have recently made headlines with successful attacks. KillSec targeted Brazilian healthcare provider MedicSolution, threatening to leak 34 GB of sensitive patient data due to insecure AWS S3 buckets. Meanwhile, Yurei, a new group, claimed its first victim, MidCity Marketing in Sri Lanka, using modified open-source ransomware. Additionally, researchers discovered HybridPetya, a new malware that combines destructive and recoverable encryption capabilities, posing a significant threat to systems. This malware can bypass UEFI Secure Boot protections and remains persistent even after OS reinstallation."
datetime: "2025-09-19T23:37:13.000Z"
locales:
  - [zh-CN](https://longbridge.com/zh-CN/news/258155641.md)
  - [en](https://longbridge.com/en/news/258155641.md)
  - [zh-HK](https://longbridge.com/zh-HK/news/258155641.md)
---

# News brief: KillSec, Yurei score successful ransomware attacks

Ransomware gangs and strains come and go, and some reemerge stronger than ever.

Take the BlackCat ransomware gang, for example. It shuttered operations in March 2024 following an exit scam. Or LockBit, a ransomware gang that revived itself days after law enforcement took the group down.

Then there are variants that just won't stop -- building off their predecessors with stronger, more resilient attack techniques. LockBit is an example here, too: It first emerged in 2019 and has just recently evolved into LockBit 5.0, "boasting faster encryption, stronger evasion and a revamped affiliate program."

This week's featured articles cover an old and a new ransomware group, as well as the reemergence of Petya in a potential new strain.

## KillSec ransomware attacks Brazilian healthcare provider

On Sept. 8, the KillSec ransomware group attacked MedicSolution, a Brazilian healthcare software provider. It threatened to leak 34 GB of sensitive data, including more than 94,000 files containing lab results, X-rays and patient records.

The breach originated from insecure AWS S3 buckets, with the window of exposure potentially going back several months. MedicSolution provides cloud services to numerous medical practices, putting healthcare organizations at risk. Affected patients have not been notified that their data was compromised.

Read the full story by Kristina Beek on Dark Reading.

## Yurei ransomware group scored its first victim

On Sept. 5, newcomer ransomware group Yurei claimed its first double-extortion attack victim in MidCity Marketing, a food manufacturing company in Sri Lanka. Days later, additional victims were reported in India and Nigeria.

The likely Moroccan-based operators used a modified version of open source Prince-Ransomware -- written in Go, which makes it harder to detect -- to conduct the attacks. Using open source malware "significantly lowers the barrier to entry for cybercriminals," cybersecurity vendor Check Point Software researchers wrote in a blog post.

The same researchers also discovered a critical flaw that could enable victims to recover their stolen and encrypted data.

Read the full story by Elizabeth Montalbano on Dark Reading.

## New malware HybridPetya threatens Secure Boot

Researchers at cybersecurity vendor ESET have discovered HybridPetya, a sophisticated malware that combines NotPetya's destructive capabilities with Petya's recoverable encryption.

Though not yet deployed in the wild, it represents the fourth known malware capable of bypassing UEFI Secure Boot protections. HybridPetya can deploy malicious UEFI payloads directly to the EFI System Partition and encrypt the Master File Table, rendering systems inaccessible.

Unlike NotPetya, HybridPetya enables operators to reconstruct decryption keys. This persistent threat remains even after OS reinstallation or wiping the hard drive.

Read the full story by Jai Vijayan on Dark Reading.

**Editor's note:** _An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing._

_Kyle Johnson is technology editor for Informa TechTarget's SearchSecurity site._
