Interlock, a ransomware intrusion set first observed in September 2024, has steadily carved a niche for itself within the cybercriminal landscape. Unlike many well-known groups, Interlock does not operate under the typical "Ransomware-as-a-Service" (RaaS) model. As of March 2025, there are no public advertisements or indications of affiliate recruitment linked to this group, distinguishing it from larger, more commercialized ransomware operations.

A novel ransomware strain named Ymir has emerged, encrypting systems previously compromised by the RustyStealer malware. RustyStealer, a credential-harvesting tool initially documented in 2021, is now being used to facilitate ransomware deployment, reflecting an increasing trend of collaboration among cybercriminal operations.

A newly identified malware, code-named "FiXS," has begun affecting ATMs across Mexican banks. The malware's name comes from an identifier found within its binary code. FiXS appears to operate similarly to the infamous Ploutus malware, utilizing an external keyboard connection to control the ATM.

The Knight ransomware has adopted a deceptive guise by orchestrating an ongoing spam campaign that cleverly poses as TripAdvisor complaints. This intricate ploy conceals its malicious intent, with the ransomware itself being a revamped version of the Cyclop Ransomware-as-a-Service. The re-branding took place at the close of July 2023, marking a shift from its previous identity.

In the realm of cyber security, ransomware remains a persistent and evolving threat, wreaking havoc on organizations and individuals alike. Microsoft's recent revelations about the BlackCat ransomware's latest version, the Sphynx ransomware, illuminate the ever-advancing tactics employed by cyber criminals