
Nimble 'Gunra' Ransomware Evolves With Linux Variant

Threat Score: 68 • 4 articles • 100.0% similarity • 6 days ago

Key Insights

1. Gunra ransomware has introduced a new Linux variant capable of running up to 100 parallel encryption threads, significantly increasing its operational efficiency.
2. The ransomware has already targeted 14 victims across various sectors, including healthcare, manufacturing, and IT, with notable incidents involving data exfiltration of 40 terabytes.
3. Trend Micro's threat intelligence indicates that Gunra's activities span multiple countries, including the US, South Korea, and Turkiye, highlighting its global reach.
4. The ransomware employs advanced techniques inspired by Conti, such as partial file encryption and separate storage for RSA keys, complicating recovery efforts.
5. Immediate actions include enhancing monitoring for unusual network activity, implementing robust backup solutions, and ensuring endpoint protection is up to date.

Threat Overview

The Gunra ransomware group has evolved by launching a new Linux variant that can execute up to 100 encryption threads, significantly enhancing its threat to organizations across multiple sectors, including healthcare and IT [1][2][3]. This variant's capabilities, inspired by Conti techniques, allow for partial file encryption and effective data exfiltration, with 40 terabytes of data reportedly compromised [3][4]. Organizations must prioritize immediate defensive actions, including monitoring for suspicious activity, updating endpoint protections, and ensuring comprehensive data backup strategies are in place [1][2][3].

Tactics, Techniques & Procedures (TTPs)

  • T1071.001: Application Layer Protocol - Utilization of standard protocols for command and control communications [2]
  • T1566.001: Spearphishing Attachment - Delivery of ransomware payloads through phishing emails [1]
  • T1041: Exfiltration Over Command and Control Channel - Data exfiltration techniques used to steal sensitive information [3]
  • T1486: Data Encrypted for Impact - Use of encryption to disrupt access to victim data [4]
  • T1569.002: Container Administration - Deployment of ransomware across Linux containers [2]

Timeline of Events

  • 2025-04: Initial discovery of Gunra ransomware targeting Windows systems [2]
  • 2025-07-29: New Linux variant identified with advanced encryption capabilities [4]
  • 2025-07-30: Reports of 14 victims across various sectors and data exfiltration incidents [1][3]
  • 2025-07-31: Trend Micro publishes detailed analysis of Gunra's cross-platform capabilities [2]
  • Ongoing: Gunra continues to expand its attack surface and victim list globally [3]
Powered by ThreatCluster AI
Generated 5 days ago
AI analysis may contain inaccuracies

Related Articles

4 articles
1. Nimble 'Gunra' Ransomware Evolves With Linux Variant

Dark Reading • 7 days ago

The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption.

Score: 57 • 95.0% similarity
2. New Gunra Ransomware Linux Variant Launches 100 Encryption Threads with Partial Encryption Feature

GB Hackers • 6 days ago

The new Gunra group has expanded its attack surface beyond Windows PCs by releasing a Linux version of their virus, which was initially discovered in April 2025. This is a major uptick in the ransomware ecosystem. This development underscores the group’s strategic pivot toward cross-platform targeting, inspired by predecessors like Conti ransomware. Trend Micro’s threat intelligence has tracked Gun

Score: 54 • 95.0% similarity
3. Gunra Ransomware New Linux Variant Runs Up To 100 Encryption Threads With New Partial Encryption Feature

Cybersecurity News • 5 days ago

A sophisticated new Linux variant of Gunra ransomware has emerged, marking a significant escalation in the threat group’s cross-platform capabilities since its initial discovery in April 2025. The ransomware, which drew inspiration from the notorious Conti ransomware techniques, has rapidly expanded its operational scope beyond Windows systems to target Linux environments, demonstrating the group’s strategic […]

Score: 53 • 100.0% similarity
4. Ransomware upstart Gunra goes cross-platform with encryption upgrades

CSO Online • 6 days ago

A new Linux variant of the “Gunra” ransomware family has been identified with highly configurable multithreading, allowing attackers to run up to 100 parallel encryptions. A Trend Micro research underlined that the emerging threat group, which has already claimed 14 victims spanning healthcare, manufacturing, and IT, has rolled out a new ransomware variant with significant upgrades, including multi-threaded encryption, partial file encryption, and separate storage for RSA keys. “Trend’s threat i

Score: 51 • 100.0% similarity

Cluster Intelligence

Key entities and indicators for this cluster

  • PLATFORMS: Windows, Linux, Azure, AWS, VMware ESXi
  • ATTACK TYPES: Ransomware
  • RANSOMWARE: Conti
  • COUNTRIES: United States, South Korea, Taiwan, Japan, Canada
  • INDUSTRIES: Healthcare, Manufacturing, Education, Agriculture
  • SECURITY VENDORS: Trend Micro, Cloudflare
  • COMPANIES: Microsoft, Google, Apple, Amazon, Cisco
  • AGENCIES: CISA, FBI
  • VULNERABILITIES: DoS, DDoS, Directory Traversal
  • APT GROUPS: Scattered Spider
  • CLUSTER INFORMATION: Cluster #1445, Created 6 days ago, Semantic Algorithm
