gunra
Ransomware group profile
35Victims
71Impact score
Description
Gunra is a ransomware group that emerged in June 2025, primarily motivated by financial extortion. The group targets various organizations across multiple sectors by encrypting their data and threatening to publicly release stolen information if ransoms are not paid.
Key insights
- •Employs ransomware tactics to encrypt victim data.
- •Targets a wide range of sectors, including health care and legal services.
- •Utilizes ransom notes to instruct victims to pay for decryption keys through Tor-based portals.
- •Commonly leverages data leak sites to increase pressure on victims.
- •Established persistence techniques to maintain control over compromised systems.
Threat Level & Status Breakdown
For gunra · Based on incidents in selected period
2.6threat level
Aggressiveness5/ 10
Lethality0/ 10
Criticality2.9/ 10
Status Breakdown
Claimed82.9%29
First seenAug 2025
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 23, 2026
Recent activity
Monthly attack count for gunra in the selected period
35Total attacks
16peak in Apr
5avg / month
↓ 2 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for gunra
- 6d59bb6a9874b9b03ce6ab998def5b93f68dadedccad9b14433840c2c5c3a34e
- 22c47ec98718ab243f2f474170366a1780368e084d1bf6adcd60450a9289e4be
- 5530363373dfe8fa474c9394184d2c56a0682c6a178d6f1c3536a1a3796dff42
- 91f8fc7a3290611e28a35a403fd815554d9d856006cc2ee91ccdb64057ae53b0
- 5677dfad26045e271272bc98be2fd24e2f6d13737850ab1d9857fd58de05e9f9
- 75cb7eb79a5fa0d388547520c6c452c700d38659080be074d70395729a0b578e
- 94f73b5dc06ba6705fcef3e759413a747049c2949a0c2e44afc03b2f9989cf73
- 844e3b0d066e7da30e704be770c26e5e
- 94b68826818ffe8ceb88884d644ad4fc
- 854e5f77f788bbbe6e224195e115c749172cd12302afca370d4f9e3d53d005fd
- ae6f61c0fc092233abf666643d88d0f3
- c3804d1329b55a37bfa2f835e1e9bbc7bdb2b260f8e3627c06e02c9f52685d44
- 64049e058f3414066b1b68f84306ec307670b4e93543888b6e40d8e18b74b718
- eb46dfb4f15000a7d4af040b68e541251fd5716d2a77958b471a17ce2960416f
- 4c0e74e9f94dff611226cd1619cb1e1d
- 9a7c0adedc4c68760e49274700218507
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for gunra
Other
T1486
T1486
T1490
T1490
T1562
T1562
T1047
T1047
T1059
T1059
T1078
T1078
T1547
T1547
T1021
T1021
T1080
T1080
Victims(35)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| MHE9 Logística Ltda | grupomhe9.com.br | BR Brazil | Transportation | Unknown | 13 days ago | |
| Suárez&Clavera | suarezyclavera.com.uy | UY Uruguay | Professional Services | Unknown | 13 days ago | |
| Cambridge Law Chambers | findyello.com | BS Bahamas | Professional Services | Unknown | 16 days ago | |
| STAREMPIRE | starempire.com | VN Vietnam | Hospitality | Unknown | 26 days ago | |
| SOMAFIX | somafix.fr | FR France | Healthcare | Unknown | 27 days ago | |
| Cablematic Dos Mil SLU | cablematic.com | FR France | Professional Services | Unknown | about 1 month ago | |
| Frontier Financial Group | ffgwm.com | HK Hong Kong | Financial Services | Claimed | 3 months ago | |
| El Ezh Building Contracting LLC | elezh.com | AE United Arab Emirates | Other | Claimed | 3 months ago | |
| Thai Petroleum & Trading Co., Ltd. | tpt.co.th | TH Thailand | Energy & Utilities | Claimed | 3 months ago | |
| Grupo PyD | grupopyd.com | ES Spain | Professional Services | Claimed | 3 months ago | |
| Ipiranga Contábil | ipirangacontabil.com | BR Brazil | Professional Services | Claimed | 3 months ago | |
| NeoDerm | neoderm.hk | HK Hong Kong | Healthcare | Claimed | 3 months ago | |
| INCARFE S.L. | incarfe.es | ES Spain | Manufacturing | Claimed | 3 months ago | |
| Eric Davis Dental | ericdavisdental.com | US United States | Healthcare | Claimed | 3 months ago | |
| Ventilaciones Nerual, S.L. | ventilacionesnerual.com | ES Spain | Manufacturing | Claimed | 3 months ago | |
| Envy Recycling | envy-recycling.cz | CZ Czech Republic | Manufacturing | Claimed | 3 months ago | |
| VINTAGE HOMESTEAD GmbHy | vintage-homestead.de | DE Germany | Retail & E-Commerce | Claimed | 3 months ago | |
| Diamond | le-caillebotis-diamond.fr | FR France | Manufacturing | Claimed | 3 months ago | |
| ASPShips | aspships.com | AU Australia | Transportation | Claimed | 3 months ago | |
| triotech.com.sg | triotech.com | SG Singapore | Technology | Claimed | 3 months ago |
Page 1 of 2
Affected countries(32)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇷Argentina🇦🇺Australia🇧🇷Brazil🇧🇸Bahamas🇨🇦Canada🇨🇴Colombia🇨🇿Czech Republic🇩🇪Germany🇪🇬Egypt🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇭🇰Hong Kong🇭🇷Croatia🇮🇩Indonesia🇮🇹Italy🇯🇵JapanKorea, Republic of🇱🇨Saint Lucia🇱🇹Lithuania🇲🇾Malaysia🇳🇬Nigeria🇳🇮Nicaragua🇵🇦Panama🇸🇬Singapore🇹🇭Thailand🇹🇷TurkeyTaiwan, Province of China🇺🇸United States🇺🇾Uruguay🇻🇳Vietnam