Ransomware exploits a flaw patched in April 2025

Cybercriminals are currently carrying out ransomware attacks on Windows. To get into the computer, the attackers exploited a vulnerability discovered at the start of the year and patched by Microsoft in April 2025.

Attackers are currently exploiting a Windows vulnerability, report researchers from Kaspersky and BI.ZONE. As the experts noted, cybercriminals use the operating system flaw to deploy the PipeMagic malware on computers. PipeMagic is a backdoor. Once it has slipped into the system, it gives cybercriminals persistent access, opening the door to further abuse.

Ransomware attack on Windows

First seen in 2022, the malware initially targeted industrial companies in Southern Asia before spreading to other regions of the world. PipeMagic is widely used in ransomware attacks. In this case, the attackers use PipeMagic to install ransomware on the targeted machine. Through the backdoor, cybercriminals can encrypt all of the computer's data with RansomEXX, a ransomware that appeared around 2018, after having siphoned off the information. This tactic makes double-extortion attacks possible.

The attack relies on a Windows flaw patched last April by Microsoft, the researchers say. The vulnerability allows an attacker to execute malicious remote code by gaining more privileges than the system grants. The flaw is in the Windows CLFS (Common Log File System) driver. It allows an attacker already present on the system to take complete control of the machine.

The importance of security updates

The flaw was made public several months ago. Any cybercriminal is therefore able to exploit the Windows flaw to carry out a cyberattack of their own. The campaign illustrates the importance of installing the security patches released by Microsoft as soon as possible. If you neglect to do so, an attacker will soon jump at the opportunity to try to take control of your computer.

As Kaspersky’s researchers explain, the malware behind the attack, PipeMagic, is constantly evolving. The “recurrent detection of PipeMagic in attacks on organizations in Saudi Arabia, as well as its appearance in Brazil, shows that this malicious software remains active and that its authors continue to enrich its capacities”, the report underlines. The Russian experts add that “the variants observed in 2025 have improvements compared to those of 2024, with the aim of ensuring persistence on infected systems”.

According to the investigation carried out by Microsoft Threat Intelligence, the attack was orchestrated by a group of attackers known by the code name Storm-2460. Particularly stealthy, the group is known to use public Windows flaws to extort money from companies in the United States, Europe, the Middle East and South America.

Source: Kaspersky