Bert

Parsing : Enabled

Description

BERT ransomware (also tracked as Water Pombero) first emerged in April 2025, rapidly targeting both Windows and Linux systems across Asia, Europe, and the U.S., with confirmed victims in healthcare, technology, electronics, and event services sectors. Its Windows variant employs a PowerShell-based loader that escalates privileges, disables Defender, UAC, and the firewall, then downloads the ransomware payload. The Linux version aggressively encrypts with up to 50 concurrent threads, forcibly shuts down VMware ESXi VMs to prevent recovery, and appends extensions like .encryptedbybert or .encrypted_by_bert. BERT uses AES encryption, and later variants feature optimized multithreading via ConcurrentQueue and DiskWorker threads. Analysts note code similarities with REvil and Babuk ESXi lockers, potentially pointing to shared development lineage or code reuse.

External Analysis
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/bert
https://www.csoonline.com/article/4019468/trend-micro-flags-bert-a-rapidly-growing-ransomware-threat.html
https://securityboulevard.com/2025/07/new-bert-ransomware-evolves-with-multiple-variants/
https://www.halcyon.ai/blog/bert-ransomwares-first-moves-kill-the-vms-kill-the-backups
https://www.darkreading.com/cyber-risk/bert-blitzes-linux-windows-systems
https://www.fortra.com/blog/bert-ransomware-what-you-need-know
Urls
http://bertblogsoqmm4ow7nqyh5ik7etsmefdbf25stauecytvwy7tkgizhad.onion/
File servers
http://wtwdv3ss4d637dka7iafl7737ucykei7pluzc7is3mgo2vl5nmq7eeid.onion/
Chat servers
Admin servers

Posts

| Date | Title | Description |
| --- | --- | --- |
| 2025-06-10 | S5 Agency World | S5 Agency World is a global port agency operating in over 360 ports, specializing in vessel and cargo services. |
| 2025-06-05 | Columbia TI | Columbia Integração delivers IT solutions in cloud, cybersecurity, and infrastructure to drive digital transformation for businesses in Brazil. |
| 2025-05-22 | Wawasan Dengkil Sdn Bhd | Wawasan Dengkil Sdn Bhd is a Malaysian construction company founded in 2003. It specializes in earthworks, civil engineering, equipment rental, and building material supply. Recently listed on the stock exchange, the company is actively expanding its operations. |
| 2025-05-16 | ALL RING TECH CO., LTD. | All Ring Tech is a Taiwanese company producing advanced automation equipment for semiconductors, LEDs, passive components, and solar industries. |
| 2025-05-10 | SIMCO Electronics (UPDATE 5/10/2025) | SIMCO Electronics is a leading provider of calibration and software solutions for technology companies. Founded in 1962 to serve NASA and Silicon Valley firms. |
| 2025-05-05 | SIMCO Electronics (UPDATE 5/5/2025) | SIMCO Electronics is a leading provider of calibration and software solutions for technology companies. Founded in 1962 to serve NASA and Silicon Valley firms. |
| 2025-05-03 | SIMCO Electronics (UPDATE 5/3/2025) | SIMCO Electronics is a leading provider of calibration and software solutions for technology companies. Founded in 1962 to serve NASA and Silicon Valley firms. |
| 2025-05-03 | SIMCO Electronics | SIMCO Electronics is a leading provider of calibration and software solutions for technology companies. Founded in 1962 to serve NASA and Silicon Valley firms. |
| 2025-04-09 | Yozgat City Hospital | Modern hospital in Yozgat offering quality care and innovation. Patient health is protected — their data, however, is shared globally. |
| 2025-04-06 | National Ticket Company | National Ticket Company – Your Trusted Source for Tickets Since 1907 National Ticket Company (“NTC”) is an online printer that offers ticketing and wristband solutions to theaters and concert venues, sporting events, event organizers, museums, festival promoters, private businesses and non-profit organizations. Combining quality products with a commitment to doing more for our customers, there’s no better partner for all your ticket and wristband printing needs. We are one of the oldest, largest, and most respected companies in the industry, and we have been a family-owned business since our founding in 1907. Learn more about our company history. Hello, National Ticket Company. The breach happened over two months ago. You knew. You stayed silent. You tried to cover it up. No warnings. No apologies. Just deception. In 2025, trust matters more than data. You’ve lost it. Your internal files are now public: financials, contracts, client records, internal emails — and much more. This isn’t a hack. It’s a consequence. You did this. Welcome to the wall of shame. |