Summary: VerdaCrypt is a newly discovered PowerShell-based ransomware that emerged in April 2025, notable for its technical sophistication and philosophical ransom notes. It targets a wide range of file types, operates stealthily to evade detection, and disables security features as it goes. The blend of encryption techniques and psychological manipulation makes VerdaCrypt a significant threat to organizations and individuals alike.
Affected: Organizations using Windows operating systems and PowerShell
Key points:
- PowerShell stealth mode allows operation in a “fileless” manner, complicating detection.
- Targets over 100 file types, including documents, media, and databases, renaming them with a “.verdant” extension.
- Features a philosophical ransom note that includes complex themes like “data sovereignty” and “ontological dilemmas.”
- Spreads via phishing emails, supply chain attacks, and remote access exploitation.
- Recommended defenses include locking down PowerShell, enhancing email security, and implementing the 3–2–1 backup rule.
- Signifies a troubling evolution in ransomware, blending sophisticated techniques with criminal intent.
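
As an added detection example (not from the original write-up or from any vendor tooling), the Python below flags the mass-rename behaviour noted in the key points: one process on one host giving many files the `.verdant` extension within a short window. The event schema, host names, threshold and window are assumptions, and the sample events are constructed; map the fields to whatever file-rename telemetry your EDR or file-server auditing exports.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

EXT = ".verdant"  # extension named in the key points above

def is_verdant_rename(ev):
    """True when a file that did not end in .verdant is renamed so that it does."""
    old = PureWindowsPath(ev["old_path"]).suffix.lower()
    new = PureWindowsPath(ev["new_path"]).suffix.lower()
    return new == EXT and old != EXT

def detect_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """One alert per (host, process) that reaches `threshold` renames inside `window`."""
    recent = defaultdict(deque)  # (host, process) -> timestamps still inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not is_verdant_rename(ev):
            continue
        key = (ev["host"], ev["process"].lower())
        ts = datetime.fromisoformat(ev["ts"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {"host": key[0], "process": key[1],
                           "first_seen": q[0].isoformat(), "count": len(q)}
    return list(alerts.values())

def _ev(ts, host, proc, old, new):
    return {"ts": ts, "host": host, "process": proc, "old_path": old, "new_path": new}

# Constructed sample telemetry (hypothetical schema): a burst from powershell.exe,
# a single manual rename in explorer.exe, and an unrelated .bak rename.
SAMPLE_EVENTS = (
    [_ev(f"2025-04-20T10:00:{2 * i:02d}", "WS-014", "powershell.exe",
         rf"C:\Users\a\Docs\report{i}.docx", rf"C:\Users\a\Docs\report{i}.docx.verdant")
     for i in range(6)]
    + [_ev("2025-04-20T10:05:00", "WS-020", "explorer.exe", r"C:\tmp\a.txt", r"C:\tmp\a.verdant"),
       _ev("2025-04-20T10:00:03", "WS-014", "powershell.exe", r"C:\tmp\b.docx", r"C:\tmp\b.bak")]
)

if __name__ == "__main__":
    print(json.dumps(detect_bursts(SAMPLE_EVENTS), indent=2))
```

Tune `threshold` and `window` against normal rename volume on your file servers before alerting on the result.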