
GUNRA RANSOMWARE: What You Don't Know!

· Published 24/09/2025 10:28 · Modified 24/09/2025 12:33


Essential information

Tags
2025-09-24, data leak site, donot loader, double-extortion, encryption, gunra ransomware, linux, lumma stealer, negotiation, phishing, ransomware, windows
Related entities
1 intrusion sets (apt), 22 techniques (mitre), 3 malware, 13 others

Description

is a double extortion group targeting global victims, excluding the US. They primarily attack systems, recently expanding to . The group uses as their main vector and negotiates through a WhatsApp-themed chat panel. They can encrypt large files quickly using advanced stream ciphers. The has undergone several changes, including a brief clearweb presence. Victims span multiple countries and industries, with South Korea, Brazil, and Japan topping the list. The shares code similarities with Conti and Akira, but newer versions appear unique. Negotiations reveal ambitious ransom demands, sometimes unrealistic. The group employs various evasion techniques and uses multiple MITRE ATT&CK tactics.

External references