BERT RANSOMWARE

**BERT Ransomware — Initial Investigation (Mar–May 2025):** This report documents the emergence of the BERT ransomware group targeting Windows (initially) and later Linux systems via phishing and a PowerShell-based loader that disables security controls and fetches a payload; it includes technical analysis of encryption methods, sample filenames and timestamps, TOR data-leak sites, hosting/IP ownership details, and links to collected IOCs and samples.