Ransomware Intelligence

gunra

Ransomware group profile

34Victims
63Impact score

Description

Gunra is a ransomware group that emerged in June 2025, primarily motivated by financial extortion. The group targets various organizations across multiple sectors by encrypting their data and threatening to publicly release stolen information if ransoms are not paid.

Key insights

  • Employs ransomware tactics to encrypt victim data.
  • Targets a wide range of sectors, including health care and legal services.
  • Utilizes ransom notes to instruct victims to pay for decryption keys through Tor-based portals.
  • Commonly leverages data leak sites to increase pressure on victims.
  • Established persistence techniques to maintain control over compromised systems.

Industries

EducationEnergy & UtilitiesFinancial ServicesGovernment & DefenseHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnologyTransportation

Threat Level & Status Breakdown

For gunra · Based on incidents in selected period

3.5threat level
Aggressiveness7/ 10
Lethality0/ 10
Criticality3.4/ 10

Status Breakdown

Claimed91.2%31
First seenJun 2025
Last seenMay 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 2, 2026

Recent activity

Monthly attack count for gunra in the selected period

34Total attacks
16peak in Apr
4.9avg / month
↑ 1 vs first month
JunAugSepOctDecAprMay0481216

Intelligence

IOCs, YARA/Sigma rules, and related families for gunra

  1. 6d59bb6a9874b9b03ce6ab998def5b93f68dadedccad9b14433840c2c5c3a34e
  2. 22c47ec98718ab243f2f474170366a1780368e084d1bf6adcd60450a9289e4be
  3. 5530363373dfe8fa474c9394184d2c56a0682c6a178d6f1c3536a1a3796dff42
  4. 91f8fc7a3290611e28a35a403fd815554d9d856006cc2ee91ccdb64057ae53b0
  5. a912233df115e5002f95d55ba0481e6bff798ed3
  6. 0b64ee06e7b34f8d44ec47ff2fbf9f10f6753103
  7. 4cf09f8fd5385c4b8414fb6163d831164f1f25c8
  8. 5677dfad26045e271272bc98be2fd24e2f6d13737850ab1d9857fd58de05e9f9
  9. 66c1246e8cb9befca5d129c28de10c74d3855e68
  10. d520d06d78afcad2e03842cb8db4622d18b92739e89dfb8dadf5743f30dcd903
  11. 186c77101c027a465b14cb4a74f8381e
  12. 75cb7eb79a5fa0d388547520c6c452c700d38659080be074d70395729a0b578e
  13. e75e5778e71e062ce4a7af673f0b2513854d2367fee0f01a26c0c998863bdf6e
  14. 6ee4a4631b61537f877e880c61536852b09b1c3f
  15. f95f19fd7d71f58a67bd88fe384cf2d36cc5cd45
  16. eae09889399fe4fb8e78b114dba0527de913d12fb1802944a88ed136e3e90577
  17. 136e0bf4e5fe4d4249fe9570153a0b97
View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for gunra

Other

T1486

T1486

T1490

T1490

T1562

T1562

T1047

T1047

T1059

T1059

T1078

T1078

T1547

T1547

T1021

T1021

T1080

T1080

Victims(34)

CompanyDomainCountryIndustryStatusDiscovered
STAREMPIREstarempire.comVN VietnamHospitality
Unknown
4 days ago
SOMAFIXFR FranceHealthcare
Unknown
5 days ago
Cablematic Dos Mil SLUcablematic.comFR FranceProfessional Services
Unknown
12 days ago
Frontier Financial Groupffgwm.comHK Hong KongFinancial Services
Claimed
about 2 months ago
El Ezh Building Contracting LLCelezh.comAE United Arab EmiratesOther
Claimed
about 2 months ago
Thai Petroleum & Trading Co., Ltd.tpt.co.thTH ThailandEnergy & Utilities
Claimed
about 2 months ago
Grupo PyDgrupopyd.comES SpainProfessional Services
Claimed
about 2 months ago
Ipiranga Contábilipirangacontabil.comBR BrazilProfessional Services
Claimed
about 2 months ago
NeoDermneoderm.hkHK Hong KongHealthcare
Claimed
about 2 months ago
INCARFE S.L.incarfe.esES SpainManufacturing
Claimed
about 2 months ago
Eric Davis Dentalericdavisdental.comUS United StatesHealthcare
Claimed
about 2 months ago
Ventilaciones Nerual, S.L.ventilacionesnerual.comES SpainManufacturing
Claimed
about 2 months ago
Envy Recyclingenvy-recycling.czCZ Czech RepublicManufacturing
Claimed
about 2 months ago
VINTAGE HOMESTEAD GmbHyvintage-homestead.deDE GermanyRetail & E-Commerce
Claimed
about 2 months ago
Diamondle-caillebotis-diamond.frFR FranceManufacturing
Claimed
about 2 months ago
ASPShipsaspships.comAU AustraliaTransportation
Claimed
about 2 months ago
triotech.com.sgtriotech.comSG SingaporeTechnology
Claimed
about 2 months ago
bkksky.comnokair-bkksky.comTH ThailandHospitality
Claimed
about 2 months ago
KUKJE PHARM CO.,LTDkukjepharm.co.krKR South KoreaManufacturing
Claimed
about 2 months ago
INHA Universityinha.ac.krKR South KoreaEducation
Claimed
5 months ago

Page 1 of 2

Affected countries(28)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates🇦🇷Argentina🇦🇺Australia🇧🇷Brazil🇨🇦Canada🇨🇴Colombia🇨🇿Czech Republic🇩🇪Germany🇪🇬Egypt🇪🇸Spain🇫🇷France🇭🇰Hong Kong🇭🇷Croatia🇮🇩Indonesia🇮🇹Italy🇯🇵JapanKorea, Republic of🇱🇹Lithuania🇲🇾Malaysia🇳🇬Nigeria🇳🇮Nicaragua🇵🇦Panama🇸🇬Singapore🇹🇭Thailand🇹🇷TurkeyTaiwan, Province of China🇺🇸United States🇻🇳Vietnam