The ransomware attack was first detected on February 27, 2025, but Harvest publicly disclosed the incident on April 10, 2025, describing it as a “cyber incident” affecting internal systems. Shortly after the announcement, the ransomware group Run Some Wares claimed responsibility via their dark web leak site, publishing sample stolen files and confirming the breach.

Technical assets were also compromised, with directories including Machine – Deep Learning/, IA Generative/, SQL Server Management Studio/, and oracle.sqldeveloper.* suggesting potential exposure of proprietary source code and AI models. Particularly concerning was the breach of directories such as Clés de chiffrement BDD/, Clés de chiffrement Veeam/, KeyPass/, and mdp/, which contained encryption keys and password vaults, potentially giving attackers expanded network access.

Security researchers note that Run Some Wares likely gained initial access through remote network vulnerabilities, potentially using techniques similar to those documented in other incidents where threat actors exploited weak passwords to bypass VPN security. Their attack methodology follows patterns observed in other ransomware groups, including the discreet use of legitimate system tools to execute malicious payloads.

Cybersecurity experts recommend that organizations implement robust backup systems, employ multi-factor authentication, and regularly update security protocols to mitigate similar attacks; incident response times have seen a 20% reduction when proper data-driven security measures are in place.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cyber security incidents.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 17 Apr 2025 12:10:06 +0000