Find notable cyber news and cases, enriched with sources, timelines, and signals.

ShinySp1d3r ransomware encryptor development and build analysis

Malware Activity
First reported
Last updated
Happening score
H score 31
2 unique sources, 2 articles

Summary

Hide ▲

The ShinySp1d3r ransomware encryptor has surfaced in sample form, giving defenders visibility into its Windows build, propagation methods, and file-encryption behavior. The build matters because it shows an in-development RaaS moving toward a full operator-controlled deployment model. The analysis also indicates planned Linux and ESXi versions, suggesting the malware family is being expanded across multiple environments.

Related Happenings

Gentlemen ransomware EDR-killer tooling

Malware Activity
H score35 First: 19.06.2026 01:31 Last: 19.06.2026 01:31 Sources 1

About this happening: **Gentlemen ransomware-as-a-service (RaaS)** is actively maintaining a suite of **EDR killers** led by **GentleKiller** to disable endpoint defenses before encryption. ESET says t...

AI-built ransomware toolkit with AD discovery and EDR evasion

Malware Activity
H score36 First: 02.06.2026 23:01 Last: 02.06.2026 23:01 Sources 1

About this happening: A **customer-detected** AI-built ransomware toolkit is automating **Active Directory discovery** and **EDR evasion**, increasing the chance that payloads slip past security contro...

The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up

Threat Actor Meta
H score57 First: 21.04.2026 17:00 Last: 21.04.2026 17:00 Sources 1

About this happening: **The Gentlemen** ransomware-as-a-service operation is using an operator-maintained **EDR-killer** portfolio, led by **GentleKiller**, to disable security software before encrypti...

TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns

Threat Actor Meta
H score11 First: 31.03.2026 15:15 Last: 31.03.2026 15:15 Sources 1

About this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...

Reynolds ransomware BYOVD defense-evasion activity

Malware Activity
H score31 First: 10.02.2026 16:36 Last: 10.02.2026 16:36 Sources 1

About this happening: The **Reynolds** ransomware family now matters because it bundles a **vulnerable NsecSoft NSecKrnl driver** inside the payload to disable **EDR** and terminate security processes...

Timeline

  1. 19.11.2025 15:01 2 articles · 7mo ago

    ShinySp1d3r encryptor sample surfaces

    Initial Disclosure

    An in-development ShinySp1d3r ransomware-as-a-service build surfaced for analysis after being uploaded to VirusTotal, with the platform tied to ShinyHunters and Scattered Spider-linked actors and presented as a new operator-controlled extortion operation. The Windows encryptor was built from scratch and includes ChaCha20 encryption with RSA-2048 protection for the private key, process-killing behavior, Shadow Volume Copy deletion, lateral movement options through service creation, WMI execution, and GPO startup scripts, a hardcoded ransom note named R3ADME_1Vks5fYe.txt, and planned Linux, ESXi, and CLI variants.

    Show sources