New Ransomware Group Cephalus Emerges with Sophisticated Go-Based Attacks

Cyber Security News by CyberSum.net

Published on November 7, 2025 at 03:00 AM

3 sources

Researchers have identified a new ransomware group named Cephalus, which surfaced in mid-June 2025. The group uses custom-built Go-based ransomware and sophisticated anti-analysis mechanisms. They target organizations by brute-forcing or purchasing compromised RDP credentials without MFA. Cephalus exfiltrates sensitive data before encryption and maintains a dedicated leak site on the dark web. The ransomware includes mechanisms to thwart dynamic analysis and forensic recovery, such as creating fake AES keys and using a custom SecureMemory structure to manage encryption keys.

Also Read

Kraken Ransomware: New Encryption Benchmarking Feature

The Kraken ransomware, targeting Windows, Linux, and VMware ESXi systems, has introduced a unique feature that tests machine performance to optimize encryption speed. This ransomware, linked to the defunct HelloKitty group, engages in big-game hunting and double extortion attacks. It exploits SMB vulnerabilities for initial access and uses tools like Cloudflared and SSHFS for data exfiltration. Kraken's data leak site lists victims from various regions, and it operates a new cybercrime forum called 'The Last Haven Board'.

By Cyber Security News by CyberSum.netNovember 14, 2025 at 06:00 AM