The Reveal Platform
Intel Name: Suspected shinysp1der ransomware samples
Date of Scan: November 25, 2025
Impact: High
Summary: We uncovered multiple malicious files during an investigation into the ShinySp1d3r ransomware, linked to the ShinyHunters group. The ransomware name appears as “ShinySp1d3r” or “Sh1nySp1d3r,” and we track the group as Bling Libra. Several samples contain an embedded URL, likely a placeholder for a future Tor-based leak site. Reports indicate the encryptor was built from scratch and is still under active development, with a Linux variant also expected. We continue searching for additional samples and indicators tied to this emerging ransomware family.
