Reynolds side-loaded-loader and GotoHTTP ransomware campaign
Campaign
Summary
Hide ▲
Show ▼
The Reynolds ransomware operation now shows pre-deployment staging and post-deployment access tooling, increasing the likelihood of persistent compromise on the target network. A side-loaded loader appeared weeks before ransomware deployment, and GotoHTTP was later deployed after the ransomware event. That sequence indicates a coordinated intrusion path rather than a single isolated payload drop.
Related Happenings
GodDamn ransomware PoisonX BYOVD activity
Malware Activity
H score15
First: 09.07.2026 13:43
Last: 09.07.2026 13:43
Sources 1
About this happening:
The **GodDamn** ransomware family is using the **PoisonX** kernel driver to disable endpoint defenses during attacks, increasing the risk of **credential theft**, **lateral moveme...
GodDamn ransomware PoisonX BYOVD activity
Malware ActivityAbout this happening: The **GodDamn** ransomware family is using the **PoisonX** kernel driver to disable endpoint defenses during attacks, increasing the risk of **credential theft**, **lateral moveme...
JADEPUFFER agentic Langflow ransomware campaign
Campaign
H score26
First: 03.07.2026 21:55
Last: 03.07.2026 21:55
Sources 1
About this happening:
The **JADEPUFFER** operation abused **CVE-2025-3248** on an internet-facing **Langflow** instance and then escalated into a **destructive database-extortion** campaign against a p...
JADEPUFFER agentic Langflow ransomware campaign
CampaignAbout this happening: The **JADEPUFFER** operation abused **CVE-2025-3248** on an internet-facing **Langflow** instance and then escalated into a **destructive database-extortion** campaign against a p...
Major U.S. services company hit by ransomware attack linked to DragonForce
Incident
H score38
First: 16.06.2026 13:18
Last: 16.06.2026 13:18
Sources 1
About this happening:
A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Major U.S. services company hit by ransomware attack linked to DragonForce
IncidentAbout this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Medusa ransomware post-compromise deployment
Malware Activity
H score48
First: 07.04.2026 09:35
Last: 07.04.2026 09:35
Sources 1
About this happening:
**Medusa ransomware** is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...
Medusa ransomware post-compromise deployment
Malware ActivityAbout this happening: **Medusa ransomware** is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...
Storm-1175 high-velocity zero-day and N-day intrusion campaign
Campaign
H score44
First: 07.04.2026 09:35
Last: 07.04.2026 09:35
Sources 1
About this happening:
**Storm-1175** is running a **high-velocity intrusion campaign** that chains **zero-day** and **N-day vulnerabilities** to gain initial access to exposed systems, raising the risk...
Storm-1175 high-velocity zero-day and N-day intrusion campaign
CampaignAbout this happening: **Storm-1175** is running a **high-velocity intrusion campaign** that chains **zero-day** and **N-day vulnerabilities** to gain initial access to exposed systems, raising the risk...
Timeline
-
10.02.2026 16:36 2 articles · 4mo ago
Reynolds campaign pairs a side-loaded loader with GotoHTTP access
Campaign Scope UpdateReynolds ransomware activity included a suspicious side-loaded loader on the affected target network several weeks before ransomware deployment, followed by GotoHTTP on the target network a day after deployment, indicating a coordinated intrusion path and an apparent attempt to maintain persistent access after encryption.
Show sources
- Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools — thehackernews.com — 10.02.2026 16:36
- Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools — thehackernews.com — 10.02.2026 16:36