bert
INACTIVEransomware group
BERT ransomware (also tracked as Water Pombero) first emerged in April 2025, rapidly targeting both Windows and Linux systems across Asia, Europe, and the U.S., with confirmed victims in healthcare, technology, electronics, and event services sectors. Its Windows variant employs a PowerShell-based loader that escalates privileges, disables Defender, UAC, and the firewall, then downloads the ransomware payload. The Linux version aggressively encrypts with up to 50 concurrent threads, forcibly shuts down VMware ESXi VMs to prevent recovery, and appends extensions like .encryptedbybert or .encrypted_by_bert. BERT uses AES encryption, and later variants feature optimized multithreading via ConcurrentQueue and DiskWorker threads. Analysts note code similarities with REvil and Babuk ESXi lockers, potentially pointing to shared development lineage or code reuse.
Group Activity
Last 12 monthsVictims (7)
S5 Agency World
S5 Agency World is a global port agency operating in over 360 ports, specializing in vessel and cargo services.
Columbia TI
Columbia Integração delivers IT solutions in cloud, cybersecurity, and infrastructure to drive digital transformation for businesses in Brazil.
Wawasan Dengkil Sdn Bhd
Wawasan Dengkil Sdn Bhd is a Malaysian construction company founded in 2003. It specializes in earthworks, civil engineering, equipment rental, and building mat...
ALL RING TECH CO., LTD.
All Ring Tech is a Taiwanese company producing advanced automation equipment for semiconductors, LEDs, passive components, and solar industries.
SIMCO Electronics
SIMCO Electronics is a leading provider of calibration and software solutions for technology companies. Founded in 1962 to serve NASA and Silicon Valley firms.
Yozgat City Hospital
Modern hospital in Yozgat offering quality care and innovation. Patient health is protected — their data, however, is shared globally.
National Ticket Company
National Ticket Company – Tickets and wristbands since 1907.
Infrastructure
No sites tracked