Threat Research

    GOLD SALEM Tradecraft for Deploying Warlock Ransomware

    In mid-August 2025, researchers observed the misuse of the legitimate Velociraptor DFIR tool as part of suspected ransomware precursor activity. Further investigation across customer environments indicated with high confidence an intent to deploy Warlock ransomware. Warlock is operated by the cybercrime group tracked as GOLD SALEM....
    12/16/2025  0
    Read More »

    GOLD SALEM’s Warlock Operation Joins Busy Ransomware Landscape

    As of mid-September 2025, GOLD SALEM has named 60 victims, placing it mid-tier among active ransomware groups. Its targets range from small entities to major multinational firms across North America, Europe, and South America. Consistent with typical ransomware behavior, the group has mostly avoided victims in China and Russia....
    9/19/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.