Beware of Bert: New ransomware group targets healthcare, tech firms therecord.media/bert-rans…

A new ransomware group has been breaching organizations across Asia, Europe, and the U.S., with victims reported in the healthcare, technology and event services sectors, researchers have found.

The group, calling itself Bert, was first identified in April by researchers at cybersecurity firm Trend Micro, who detailed their findings in a report published Monday.

The ransomware has infected both Windows and Linux systems, the researchers said. Although the initial access method remains unknown, analysts discovered a PowerShell script that disables security tools on victims' systems before downloading and executing the ransomware.

Once inside a system, the malware drops a ransom note that reads: “Hello from Bert! Your network is hacked and files are encrypted,” followed by instructions for contacting the attackers to negotiate payment.

Researchers said the ransomware is actively being developed, with multiple variants already observed. While no specific threat actor has been formally linked to the attacks, the use of Russian infrastructure may suggest ties to groups operating in or affiliated with the region. Trend Micro said.