Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors

· Published 02/07/2025 07:12 · Modified 02/07/2025 07:35

Essential information

Tags
2025-07-02 data leak dire wolf golang ransomware
Related entities
2 observables, 1 intrusion sets (apt), 7 techniques (mitre), 1 malware, 5 others

Description

A newly emerged group called Dire Wolf has been observed since May 2025, targeting multiple sectors globally with a focus on manufacturing and technology. The group employs double extortion tactics, encrypting files and threatening to publish stolen data. Analysis of a sample revealed it was written in Golang and uses a combination of Curve25519 and ChaCha20 algorithms for encryption. The malware disables event logging, terminates specific processes and services, and deletes backups and recovery options. Victims are given personalized ransom notes with login details for negotiation. As of writing, 16 victims across 11 nations have been listed on the group's leak site, with the US and Thailand being the most affected.

External references