GUNRA RANSOMWARE: What You Don't Know!

Sept. 24, 2025, 12:33 p.m.

Description

Gunra Ransomware is a double-extortion group targeting victims worldwide, excluding the US. The group primarily attacks Windows systems and has recently expanded to Linux. It uses phishing as its main vector and negotiates through a WhatsApp-themed chat panel. The group can encrypt large files quickly using advanced stream ciphers. Its data leak site has undergone several changes, including a brief clearweb presence. Victims span multiple countries and industries, with South Korea, Brazil, and Japan topping the list. The ransomware shares code similarities with Conti and Akira, but newer versions appear unique. Negotiations reveal ambitious, sometimes unrealistic, ransom demands. The group employs various evasion techniques, and its activity maps to multiple MITRE ATT&CK tactics.

Date

  • Created: Sept. 24, 2025, 10:28 a.m.
  • Published: Sept. 24, 2025, 10:28 a.m.
  • Modified: Sept. 24, 2025, 12:33 p.m.

Attack Patterns

Additional Information

  • Technology
  • Healthcare
  • Finance
  • Manufacturing
  • Croatia
  • Panama
  • Nicaragua
  • Egypt
  • Colombia
  • Italy
  • Canada
  • Japan
  • Brazil