Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors

July 2, 2025, 7:35 a.m.

Description

A newly emerged ransomware group called Dire Wolf has been observed since May 2025, targeting multiple sectors globally with a focus on manufacturing and technology. The group employs double extortion tactics, encrypting files and threatening to publish stolen data. Analysis of a Dire Wolf ransomware sample revealed it was written in Golang and uses a combination of Curve25519 and ChaCha20 algorithms for encryption. The malware disables event logging, terminates specific processes and services, and deletes backups and recovery options. Victims are given personalized ransom notes with login details for negotiation. As of writing, 16 victims across 11 nations have been listed on the group's leak site, with the US and Thailand being the most affected.

External References

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/dire-wolf-strikes-new-ransomware-group-targeting-global-sectors
https://otx.alienvault.com/pulse/6864dbf5ef57f2bd4ebb9cf3
Tags
ransomware
golang
data leak
2025-07-02
dire wolf

Date

  • Created: July 2, 2025, 7:12 a.m.
  • Published: July 2, 2025, 7:12 a.m.
  • Modified: July 2, 2025, 7:35 a.m.

Indicators

  • 8fdee53152ec985ffeeeda3d7a85852eb5c9902d2d480449421b4939b1904aad
  • 27d90611f005db3a25a4211cf8f69fb46097c6c374905d7207b30e87d296e1b3
Download all indicators here!

Attack Patterns

  • Dire Wolf
  • Dire Wolf

Additional Informations

  • Technology
  • Manufacturing
  • Taiwan
  • Thailand
  • United States of America