Bert

Compare

Parsing: enabled

Description

BERT ransomware (also tracked as Water Pombero) first emerged in April 2025, rapidly targeting both Windows and Linux systems across Asia, Europe, and the U.S., with confirmed victims in healthcare, technology, electronics, and event services sectors. Its Windows variant employs a PowerShell-based loader that escalates privileges, disables Defender, UAC, and the firewall, then downloads the ransomware payload. The Linux version aggressively encrypts with up to 50 concurrent threads, forcibly shuts down VMware ESXi VMs to prevent recovery, and appends extensions like .encryptedbybert or .encrypted_by_bert. BERT uses AES encryption, and later variants feature optimized multithreading via ConcurrentQueue and DiskWorker threads. Analysts note code similarities with REvil and Babuk ESXi lockers, potentially pointing to shared development lineage or code reuse.

External Analysis7

External Analysis
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/bert
https://www.csoonline.com/article/4019468/trend-micro-flags-bert-a-rapidly-growing-ransomware-threat.html
https://securityboulevard.com/2025/07/new-bert-ransomware-evolves-with-multiple-variants/
https://www.halcyon.ai/blog/bert-ransomwares-first-moves-kill-the-vms-kill-the-backups
https://www.darkreading.com/cyber-risk/bert-blitzes-linux-windows-systems
https://www.fortra.com/blog/bert-ransomware-what-you-need-know
https://theravenfile.com/2025/06/16/bert-ransomware/

Ransom notes1

note.txt (Format: txt)

View all notes

Urls1

Url	Status	Screen	Uptime 30d	Health
http://bertblogsoqmm4ow7nqyh5ik7etsmefdbf25stauecytvwy7tkgizhad.onion/	Down		0%

File servers1

Url	Status	Screen	Uptime 30d	Health
http://wtwdv3ss4d637dka7iafl7737ucykei7pluzc7is3mgo2vl5nmq7eeid.onion/	Down		0%

Activity (interactive) 10

Posts10

Date	Title	Description	Screen
2025-06-10	S5 Agency World	S5 Agency World is a global port agency operating in over 360 ports, specializing in vessel and cargo services.	Screen
2025-06-05	Columbia TI	Columbia Integração delivers IT solutions in cloud, cybersecurity, and infrastructure to drive digital transformation for businesses in Brazil.	Screen
2025-05-22	Wawasan Dengkil Sdn Bhd	Wawasan Dengkil Sdn Bhd is a Malaysian construction company founded in 2003. It specializes in earthworks, civil engineering, equipment rental, and building material supply. Recently listed on the stock exchange, the company is actively expanding its operations.	Screen
2025-05-16	ALL RING TECH CO., LTD.	All Ring Tech is a Taiwanese company producing advanced automation equipment for semiconductors, LEDs, passive components, and solar industries.	Screen
2025-05-10	SIMCO Electronics (UPDATE 5/10/2025)	SIMCO Electronics is a leading provider of calibration and software solutions for technology companies. Founded in 1962 to serve NASA and Silicon Valley firms.	Screen
2025-05-05	SIMCO Electronics (UPDATE 5/5/2025)	SIMCO Electronics is a leading provider of calibration and software solutions for technology companies. Founded in 1962 to serve NASA and Silicon Valley firms.	Screen
2025-05-03	SIMCO Electronics (UPDATE 5/3/2025)	SIMCO Electronics is a leading provider of calibration and software solutions for technology companies. Founded in 1962 to serve NASA and Silicon Valley firms.	Screen
2025-05-03	SIMCO Electronics	SIMCO Electronics is a leading provider of calibration and software solutions for technology companies. Founded in 1962 to serve NASA and Silicon Valley firms.	Screen
2025-04-09	Yozgat City Hospital	Modern hospital in Yozgat offering quality care and innovation. Patient health is protected — their data, however, is shared globally.	Screen
2025-04-06	National Ticket Company	National Ticket Company – Your Trusted Source for Tickets Since 1907 National Ticket Company (“NTC”) is an online printer that offers ticketing and wristband solutions to theaters and concert venues, sporting events, event organizers, museums, festival promoters, private businesses and non-profit organizations. Combining quality products with a commitment to doing more for our customers, there’s no better partner for all your ticket and wristband printing needs. We are one of the oldest, largest, and most respected companies in the industry, and we have been a family-owned business since our founding in 1907. Learn more about our company history. Hello, National Ticket Company. The breach happened over two months ago. You knew. You stayed silent. You tried to cover it up. No warnings. No apologies. Just deception. In 2025, trust matters more than data. You’ve lost it. Your internal files are now public: financials, contracts, client records, internal emails — and much more. This isn’t a hack. It’s a consequence. You did this. Welcome to the wall of shame.	Screen