<ul><li>RedCurl, a cyber-espionage group, expands its operations by deploying ransomware targeting Hyper-V servers.</li><li>RedCurl historically focused on data exfiltration, but recently started using ransomware in at least one confirmed case.</li><li>The group uses phishing emails with disguised .img attachments as the initial attack vector.</li><li>RedCurl's new ransomware, named QWCrypt, specifically encrypts virtual machines hosted on Microsoft Hyper-V.</li></ul>

RedCurl Cyberspies deploy Ransomware to target Hyper-V Servers

Discover more