RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment - The Cyber Post
The Russian-speaking hacking group RedCurl, known for corporate espionage, has deployed a new ransomware strain called QWCrypt. The attack chain uses mountable disk images disguised as CVs to start a multi-stage infection that ends with the deployment of ransomware. This marks a departure from RedCurl’s established modus operandi and raises questions about the group's origins and motivations.