TRJ Cybersecurity Intel Report
Category: Emerging Ransomware Threat
Features: Multi-Platform Encryption, Active Development, Obfuscation Techniques
Delivery Method: PowerShell-Based Defense Evasion + Direct System Compromise
Threat Actor: “Bert” Ransomware Collective (Under Investigation — Possible Russian Links)
A new ransomware group has surfaced—and it’s moving fast.
Calling itself Bert, this emerging cybercriminal operation has already struck organizations across the healthcare, technology, and event services industries—quietly breaching systems in the United States, Europe, and Asia with alarming speed.
The group’s first confirmed activity traces back to April 2025, when researchers at cybersecurity firm Trend Micro began tracking its movements. In a report released Monday, analysts confirmed that Bert ransomware has successfully infected both Windows and Linux systems—an uncommon level of cross-platform sophistication for a relatively new threat actor.
Inside the Bert Ransomware Playbook
What makes Bert dangerous isn’t just its ability to encrypt files across multiple operating systems. It’s the way it enters and spreads.
Researchers found Bert deploying a custom PowerShell script capable of disabling a wide array of security tools before triggering the ransomware payload. Once defenses are stripped away, the malware downloads its encryption modules and begins locking files at scale.
The ransom note is blunt and direct:
“Hello from Bert! Your network is hacked and files are encrypted.”
Victims are then instructed to initiate ransom negotiations via anonymous channels controlled by the attackers.
Rapid Development & Growing Danger
Security analysts warn that Bert isn’t a static threat—it’s evolving.
Multiple variants of the malware have already been detected in the wild, each showing signs of active development. These aren’t mere copy-paste ransomware builds. They appear to be iterating aggressively, refining payload delivery and encryption techniques with every new attack wave.
And while no specific cybercrime group has officially been tied to Bert yet, there are indicators pointing toward Russian connections.
Trend Micro’s report notes that Bert ransomware operations frequently use Russian-hosted infrastructure—a common hallmark of ransomware gangs operating either within or in alignment with Russian cybercriminal ecosystems.
Possible REvil Lineage: A Dangerous Code Legacy
Perhaps most concerning is Bert’s apparent connection to the infamous REvil ransomware.
Analysts discovered that Bert’s Linux variant contains several code fragments reminiscent of REvil’s now-defunct Linux ransomware builds—suggesting that Bert may have directly borrowed, purchased, or evolved from REvil’s tools.
REvil (also known as Sodinokibi) was one of the most feared ransomware gangs in the world before being dismantled in 2021 through joint U.S. and Russian law enforcement actions. Though publicly declared inactive, remnants of its codebase have continued to circulate on dark web forums and in underground marketplaces.
Legal Shadows: The Curious REvil Connection
In a strange twist, the same month Bert attacks escalated, a Russian court sentenced several members of the old REvil gang on unrelated charges—accusing them of stolen payment data trafficking and carding fraud.
However, all were immediately released after the trial due to “time served,” despite their prior ransomware affiliations.
While unrelated to Bert directly, the timing raises uncomfortable questions:
- Is REvil’s operational knowledge now being recycled or handed off to new actors like Bert?
- Are sleeper cells of ransomware expertise simply shifting to newer fronts, armed with the same destructive tactics?
TRJ Reality Check
This isn’t just another ransomware campaign.
Bert represents a dangerous fusion of cross-platform capability, defense evasion, and aggressive iteration—backed by potential ties to some of the most notorious cybercrime tools ever created.
For healthcare providers, tech companies, and critical industries, the warning is clear: This group isn’t testing the waters anymore. They’re already inside the building.
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 1 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed.
🔥 Kindle Edition 👉 https://a.co/d/9EoGKzh
🔥 Paperback 👉 https://a.co/d/9EoGKzh
🔥 Hardcover Edition 👉 https://a.co/d/0ITmDIB
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 2 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed just like the first one.
🔥 Kindle Edition 👉 https://a.co/d/1xlx7J2
🔥 Paperback 👉 https://a.co/d/a7vFHN6
🔥 Hardcover Edition 👉 https://a.co/d/efhu1ON
Get your copy today and experience poetry like never before. #InkAndFire #PoetryUnleashed #FuelTheFire
🚨 NOW AVAILABLE! 🚨
📖 THE INEVITABLE: THE DAWN OF A NEW ERA 📖
A powerful, eye-opening read that challenges the status quo and explores the future unfolding before us. Dive into a journey of truth, change, and the forces shaping our world.
🔥 Kindle Edition 👉 https://a.co/d/0FzX6MH
🔥 Paperback 👉 https://a.co/d/2IsxLof
🔥 Hardcover Edition 👉 https://a.co/d/bz01raP
Get your copy today and be part of the new era. #TheInevitable #TruthUnveiled #NewEra
🚀 NOW AVAILABLE! 🚀
📖 THE FORGOTTEN OUTPOST 📖
The Cold War Moon Base They Swore Never Existed
What if the moon landing was just the cover story?
Dive into the boldest investigation The Realist Juggernaut has ever published—featuring declassified files, ghost missions, whistleblower testimony, and black-budget secrets buried in lunar dust.
🔥 Kindle Edition 👉 https://a.co/d/2Mu03Iu
🛸 Paperback Coming Soon
Discover the base they never wanted you to find. TheForgottenOutpost #RealistJuggernaut #MoonBaseTruth #ColdWarSecrets #Declassified
Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!
https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
Ugh. I grow weary of these kinds of attacks. Thank you, John. Another great heads up! I will share it too.
I get it, Sheila—and you’re welcome. These kinds of attacks are exhausting to keep up with, and they’re only getting more frequent. But that’s exactly why we stay ahead of it. Really appreciate you sharing it and helping others stay informed. Thank you very much, and I hope you have a great night. 😎
I just posted the job scam I got. Ugh
I appreciate you always responding and writing these exceptional articles, John!
Thank you so much, Sheila! I just took a look at your post—these scammers are getting ridiculous, to say the least. Those job scams are becoming more aggressive and sophisticated every day. I’m really glad you shared your experience—stuff like this helps others stay alert and hopefully avoid falling into those traps.
And thank you, as always, for your kind words and support. It truly means a lot! I’ll definitely keep doing my best to write these articles and keep the truth flowing.
God bless you and yours—and stay safe out there! 😎
For anyone interested in reading Sheila’s article, here’s the link below. Her post shows a real example of how these scams work—and it’s definitely worth checking out:
👉 Sheila’s Article — Integrating the Spirals: Getting Old Sucks & Job Scams https://sheilamurrey.net/2025/07/08/integrating-the-spirals-getting-old-sucks-job-scams/
Thank you, John. These scams make me want to get a flip phone and chuck my laptop in the lake! Ha!
Keep on keeping us all informed! Your work and words are very important and valuable.
You’re very welcome, Sheila! I feel the exact same way. It really is a shame—technology was supposed to make life a bit easier, yet somehow it’s only making things harder. I’m glad you see the value in what we do here, because that means a lot. And don’t ever forget—both you and Richard carry that same important value in everything you do. People like you two still make a difference, and I never take that for granted.
Aww, thank you so much, John! That’s the sweetest compliment. Have a great day!
Sorry to hear about another problem like this. Healthcare providers, tech companies, and critical industries already have enough challenges as it is. Thanks for the alert, John.
Absolutely, Chris. You’re right—these industries are already stretched thin, and attacks like this just add to the weight. Unfortunately, it’s only going to keep escalating. Glad you caught this one—appreciate you reading and staying aware. That’s quite important. 😎