SYDNEY, 27 March 2025 – This research, conducted by Bitdefender Labs, presents the first documented analysis of a ransomware campaign attributed to the RedCurl group (also known as Earth Kapre or Red Wolf). RedCurl has historically maintained a low profile, relying heavily on Living-off-the-Land (LOTL) techniques for corporate cyberespionage and data exfiltration. This shift to ransomware marks a significant evolution in its tactics.
This new ransomware, which we have named QWCrypt based on a self-reference ‘qwc’ found within the executable, is previously undocumented and distinct from known ransomware families.
By sharing our findings with the threat intelligence community and challenging existing assumptions, we hope to encourage further research of this unconventional threat actor that has been active since 2018.
RedCurl: A (Red) Wolf in Sheep’s Clothing?
RedCurl’s motivations raise more questions than answers. While frequently labelled a cyberespionage group, we find the evidence supporting this classification inconclusive.
Much of the existing analysis from fellow security researchers reiterates