direwolf

Ransomware group profile

58Victims

United StatesSource country

56Impact score

Description

Dire Wolf is a financially motivated ransomware group that emerged in May 2025 and quickly established itself through disruptive attacks across multiple regions. The group operates a dark web leak site and employs a double extortion model, demonstrating a clear emphasis on monetary profit over any political agenda.

Key insights

•Gains initial access through spear-phishing, exploitation of exposed services, or weak credentials.
•Employs a double extortion model, exfiltrating data before encryption and threatening to publish it.
•Ransomware payload is written in Golang and often uses UPX for obfuscation.
•Uses Curve25519 for key exchange and ChaCha20 for file encryption.
•Targets include a variety of sectors with reported ransom demands reaching up to $500,000.

Industries

Education Energy & Utilities Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For direwolf · Based on incidents in selected period

2.4threat level

Aggressiveness5/ 10

Lethality0/ 10

Criticality2/ 10

Status Breakdown

Claimed100.0%58

First seenJun 2025

Last seenJan 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for direwolf in the selected period

58Total attacks

12peak in Jul

7.3avg / month

↑ 6 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for direwolf

7f877830ebafb0b809b96bac7baf4435e235ab7835f695006ff779e6178c3638
831c6ffbe6e3b31a3e9aec27c79f7d42717e8c9d
4a5852e9f9e20b243d8430b229e41b92949e4d69
f7f4e9366737ab6cc064bc2e5f062ae368e16bbefe845c962dd0c4e9ba919697
27d90611f005db3a25a4211cf8f69fb46097c6c374905d7207b30e87d296e1b3
aa62b3905be9b49551a07bc16eaad2ff
bc6912c853be5907438b4978f6c49e43

View full IOC feed7 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for direwolf

Other

T1486

T1490

T1021

T1562

T1078

T1021.001

T1547

T1059

T1047

T1489

Victims(58)

Company	Domain	Country	Industry	Status	Discovered
Chemsain Konsultant Sdn Bhd	chemsain.com	MY Malaysia	Manufacturing	Claimed	5 months ago
Perdana Petroleum Berhad	perdana.my	MY Malaysia	Energy & Utilities	Claimed	5 months ago
Mohammad Omar Bin Haider Holding Group	mobhholding.com	AE United Arab Emirates	Professional Services	Claimed	5 months ago
Bauerfeind	bauerfeind.ca	DE Germany	Healthcare	Claimed	5 months ago
Bina Darulaman Berhad	bdb.com.my	MY Malaysia	Other	Claimed	5 months ago
Hydrodiseño	hydrodiseno.com	ES Spain	Manufacturing	Claimed	5 months ago
Varimed Medikal	varimed.com.tr	TR Turkey	Healthcare	Claimed	5 months ago
Sunzen Biotech Berhad	sunzengroup.com	MY Malaysia	Healthcare	Claimed	5 months ago
Laurenzano Logistics	laurenzanologistica.com.ar	US United States	Transportation	Claimed	5 months ago
KwikLedgers	kwikledgers.com	US United States	Financial Services	Claimed	5 months ago
PernelMedia	pernelmedia.com	FR France	Retail & E-Commerce	Claimed	5 months ago
Adnan Sundra & Low	asl.com.my	MY Malaysia	Financial Services	Claimed	5 months ago
Sanyang Motor	sanyang.com.tw	TW Taiwan	Manufacturing	Claimed	5 months ago
Guan Chong Berhad	gcbcocoa.com	MY Malaysia	Other	Claimed	5 months ago
Office of Public Sector Anti-Corruption Commission	pacc.go.th	TH Thailand	Government & Defense	Claimed	5 months ago
Ranger Investigation Guard	ranger1992.com	TH Thailand	Professional Services	Claimed	5 months ago
Polaris Parks	polarisparks.com	US United States	Professional Services	Claimed	5 months ago
Electricidad Panamericana	electricidadpanamericana.com.ar	AR Argentina	Energy & Utilities	Claimed	6 months ago
Clemar Assessoria e Logística em Comércio Internacional	clemar.net	BR Brazil	Transportation	Claimed	6 months ago
Transpedrosa	transpedrosa.com.br	BR Brazil	Transportation	Claimed	6 months ago

Page 1 of 3