New Bert Ransomware Group Launches Global Attack with Multiple Variants

Summary
– The Bert ransomware group has been active since April 2025, according to Trend Micro.
– Victims of the Bert ransomware span multiple sectors, including healthcare and technology.
– Event services have also been targeted by the Bert ransomware group.
– Trend Micro has confirmed the group’s operations through observed activities.
– The ransomware poses a threat to diverse industries, as evidenced by its victims.
A new ransomware threat called Bert has emerged, targeting organizations worldwide across multiple industries. Security researchers at Trend Micro have been tracking this malicious operation since April 2025, with confirmed attacks hitting healthcare providers, technology firms, and event management companies.
The ransomware group employs multiple variants of its malware, suggesting an evolving threat that adapts to different environments. Unlike many ransomware families that focus on specific regions, Bert demonstrates global reach with victims identified across North America, Europe, and Asia.
Healthcare organizations appear particularly vulnerable to these attacks, facing potential disruptions to critical patient services. Technology companies have reported stolen intellectual property alongside encrypted files, while event service providers experienced system-wide outages during peak operational periods.
Security analysts note the Bert ransomware uses sophisticated encryption methods, making data recovery without the decryption key extremely difficult. Early analysis indicates the malware spreads through phishing campaigns and exploits unpatched vulnerabilities in enterprise software.
The emergence of this new threat underscores the ongoing need for robust cybersecurity measures, including regular software updates, employee training, and comprehensive backup strategies. Organizations are advised to monitor network traffic for unusual activity and implement multi-factor authentication across all systems.
Trend Micro continues to investigate the ransomware’s infrastructure and command-and-control servers. The security firm recommends affected organizations avoid paying ransoms and instead report incidents to law enforcement and cybersecurity authorities.
(Source: InfoSecurity)
