Gunra Ransomware Group Unveils Efficient Linux Variant

July 30, 2025, 2:51 p.m.

Description

Gunra ransomware, first observed in April 2025, has expanded its capabilities with a new Linux variant. This cross-platform move broadens the group's attack surface and demonstrates their intent to grow beyond their initial scope. The Linux variant features advanced capabilities, including parallel encryption with up to 100 threads, partial file encryption, and customizable encryption parameters. Since its emergence, Gunra has targeted enterprises across various countries and industries, including manufacturing, healthcare, IT, and agriculture. The group's tactics include data exfiltration and encryption, with a reported 40 terabytes of data leaked from a Dubai hospital. The Linux variant's sophisticated features, such as multi-threaded encryption and flexible configuration options, make it a formidable threat in the evolving ransomware landscape.

External References

https://www.trendmicro.com/en_us/research/25/g/gunra-ransomware-linux-variant.html
https://otx.alienvault.com/pulse/688a2dc61af534fff64727ec
Tags
linux
ransomware
chacha20
2025-07-30

Date

  • Created: July 30, 2025, 2:35 p.m.
  • Published: July 30, 2025, 2:35 p.m.
  • Modified: July 30, 2025, 2:51 p.m.

Indicators

  • 944a1a411abb97f9ae547099c4834beb49de0745740ba450efb747bd62d8d83b
  • 5530363373dfe8fa474c9394184d2c56a0682c6a178d6f1c3536a1a3796dff42
  • 22c47ec98718ab243f2f474170366a1780368e084d1bf6adcd60450a9289e4be
  • 91f8fc7a3290611e28a35a403fd815554d9d856006cc2ee91ccdb64057ae53b0
  • 854e5f77f788bbbe6e224195e115c749172cd12302afca370d4f9e3d53d005fd
  • a82e496b7b5279cb6b93393ec167dd3f50aff1557366784b25f9e51cb23689d9
Download all indicators here!

Attack Patterns

  • Gunra

Additional Informations

  • Agriculture
  • Technology
  • Healthcare
  • Transportation
  • Government
  • Manufacturing
  • Taiwan
  • Canada
  • Japan
  • Brazil
  • United States of America