Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.