MS13089 is a newly emerged ransomware group (first observed December 2025) that named itself after a 2013 Microsoft Security Bulletin, claiming a handful of victims including a law firm, operating primarily as a double-extortion actor.