Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Turkey-focused low-dollar ransomware campaign using phishing and modified commercial malware

Campaign
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

A Turkey-focused ransomware campaign has been hitting individuals and SMBs with low-dollar extortion at scale, making the operation significant despite the modest ransom demands. The initial access path uses phishing, a cloud-hosted file, and a malicious Java archive, while the payload chain includes Adwind RAT and the JanaWare ransomware plug-in.

Related Happenings

Storm-1175 high-tempo Medusa ransomware campaign

Campaign
First: 07.04.2026 13:02 Last: 07.04.2026 13:02 Sources 1

About this happening: **Storm-1175** is running a **high-tempo Medusa ransomware campaign** that has repeatedly exploited **n-day and zero-day flaws** to gain initial access before patching closes the...

Open Happening

Storm-1175 high-velocity zero-day and N-day intrusion campaign

Campaign
First: 07.04.2026 09:35 Last: 07.04.2026 09:35 Sources 1

About this happening: **Storm-1175** is running a **high-velocity intrusion campaign** that chains **zero-day** and **N-day vulnerabilities** to gain initial access to exposed systems, raising the risk...

Open Happening

FAUX#ELEVATE phishing campaign targeting French-speaking corporate environments

Campaign
First: 24.03.2026 18:35 Last: 24.03.2026 18:35 Sources 1

About this happening: The **FAUX#ELEVATE** phishing campaign is actively targeting **French-speaking corporate environments** with **fake resume/CV lures** that deliver malware for **credential theft**...

Open Happening

OAuth URL redirection phishing campaign targeting government and public-sector organizations

Campaign
First: 03.03.2026 11:20 Last: 03.03.2026 11:20 Sources 1

About this happening: The **OAuth URL redirection** phishing campaign is targeting **government and public-sector organizations**, using attacker-controlled redirects to bypass normal **email** and **b...

Open Happening

Amnesia RAT retrieved from Dropbox for data theft and remote control

Malware Activity
First: 24.01.2026 13:09 Last: 24.01.2026 13:09 Sources 1

About this happening: The **Amnesia RAT** payload is being staged from **Dropbox**, giving the operators a **remote-access trojan** that can steal data and control infected endpoints. It is the final s...

Open Happening

Timeline

  1. 16.04.2026 09:00 2 articles · 1mo ago

    Acronis documents Turkey-focused JanaWare ransomware campaign

    Technical Analysis Update

    Acronis documented a Turkey-focused, low-dollar ransomware campaign that has been active since at least 2020, using phishing emails that lead to a cloud-hosted file and a malicious Java archive to deliver a custom Adwind RAT variant. The malware establishes persistence, checks for victims in Turkey with Turkish-language systems, disables Microsoft Defender and other defenses, and deploys the JanaWare ransomware plug-in with ransom demands of $200 to $400 against individuals and SMBs.

    Show sources
    Open in new tab