Russian hacking group Water Gamayun, also known as EncryptHub and LARVA-208, has been using a recently patched Microsoft Windows vulnerability to deliver two new backdoors, dubbed SilentPrism and DarkWisp. These allow the group to persistently steal data and control infected systems. The virus deliveries are disguised as legitimate messaging software updates, while also using other techniques to avoid detection. The group has been linked to stealing Wi-Fi passwords and browser credentials, amongst other sensitive data.
Who’s driving ransomware’s accelerated growth in 2025
The article examines the tactics used by the Internet Advertising Bureau (IAB), their connections to ransomware groups, and the services they provide.
