
Gunra Ransomware Group Unveils Efficient Linux Variant

· Published 30/07/2025 14:35 · Modified 30/07/2025 14:51


Essential information

Tags
2025-07-30 chacha20 linux ransomware
Related entities
6 observables, 1 intrusion sets (apt), 13 techniques (mitre), 11 others

Description

Gunra, first observed in April 2025, has expanded its capabilities with a new Linux variant. This cross-platform move broadens the group's attack surface and demonstrates its intent to grow beyond its initial scope. The variant features advanced capabilities, including parallel encryption with up to 100 threads, partial file encryption, and customizable encryption parameters. Since its emergence, Gunra has targeted enterprises across various countries and industries, including manufacturing, healthcare, IT, and agriculture. The group's tactics include data exfiltration and encryption, with a reported 40 terabytes of data leaked from a Dubai hospital. The variant's sophisticated features, such as multi-threaded encryption and flexible configuration options, make it a formidable threat in the evolving landscape.

External references