killsec

Ransomware group profile

69Victims

RussiaSource country

72Impact score

Also Known As

KillSecurity

Description

KillSec is a notorious ransomware group that has gained prominence for its aggressive attacks on critical infrastructure across various sectors. Known for employing advanced tactics, including double extortion methods, they encrypt data and threaten to leak sensitive information if ransom demands are not met. Their operations have increasingly targeted industries with less robust cybersecurity defenses, causing widespread disruption and financial damage.

Key insights

•Targets critical infrastructure, particularly in healthcare and finance sectors.
•Utilizes advanced obfuscation techniques to avoid detection.
•Employed double extortion tactics, encrypting data and threatening leaks.
•Gains access through spearphishing and exploiting software vulnerabilities.
•Recent campaigns have increasingly used sophisticated ransomware variants.
•Emerging trend involves leveraging zero-day vulnerabilities for attacks.

Industries

Education Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For killsec · Based on incidents in selected period

2.6threat level

Aggressiveness5/ 10

Lethality0/ 10

Criticality2.9/ 10

Status Breakdown

Claimed53.6%37

First seenAug 2025

Last seenJun 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 23, 2026

Recent activity

Monthly attack count for killsec in the selected period

69Total attacks

32peak in Sep

6.3avg / month

Intelligence

IOCs, YARA/Sigma rules, and related families for killsec

7b3f4d34b8d3518c092d81506df05103
de88ae471d8b95e5e10264aea5eb040fedb9bb71428385e7cff6c77a6ae47d97
4896cfff334f846079174d3ea2d541eec72690a0
5d0509f68a9b7c415a726be75a078180e3f02e59866f193b0a99eee8e39c874f
f0220f5d1f935f09d58e869247cfdb5d
a88f34c0b3a6df683bb89058f8e7a7d534698069
e8c56706296175195a03348b9cd5064e60c36fdeaa6e5fd7b5614ca6bca1c3f8
106248206f1c995a76058999ccd6a6d0f420461e
977054802de7b583a38e0524feefa7356c47c53dd49de8c3d533e7689095f9ac
cbe82e23f8920512b1cf56f3b5b0bca61ec137b9
8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e
508a20f25a9e0797b3dea4b5055b16af
f52e18b7c8417c7573125c0047adb32d8d813529
785b52e144577375abe4d1c785c451f60c423788
c6d6c64d12cf9dd4474aa492697720af
0a3b0cd349210c4488ef71e8b331ba47
c5fa7fd1ff45c5cfaec851795f4c2e15326046f3022778bdf6f37b7b1dd75f5c
e9ea1026cf176f4d497a27d0c856bedf
3cfcb57b94e69372cd2815dc63d66ab4b4ac4fec48b3b092f76ae5c9beaa353f
311ec9208f5fe3f22733fca1e6388ea9c0327be0836c955d2cf6a22317d4bdca
afcccd45bc700a75e46297bfdae0c47048dc14fc
4d0663cff0c5c3f29c81e9aefd37f16a318ff638986ecc60e9bce6c90b72606b
ce02802067934e0eb072f69bf6427bf6
a0b47c781e70877ad4e721ba49f64fc0bc469e38750f070a232d12f03d9990bc
cb2d18fb91f0cd88e82cb36b614cfedf3e4ae49b
264e801035f64163ffa7cf05086ce4c7d1396956
4d590a9640093bbda21597233b400b037278366660ba2c3128795bc85d35be72
ceaec46f7d65706ffc639e75c515d0a35a21338d
2798bf4fd8e2bc591f656fa107bd871451574d543882ddec3020417964d2faa9
636d4f1e3dcf0332a815ce3f526a02df3c4ef2890a74521d05d6050917596748
f8c80bbecbfb38f252943ee6beec98edc93cd734ec70ccd2565ab1c4db5f072f
cab1c4c675f1d996b659bab1ddb38af365190e450dec3d195461e4e4ccf1c286
13265c0e32312a0763f3f8fed0f017a606355987ac9398bfb38f47c760ad32b0
95ae81de52655fac3f1b226f1896690566090640
62242df8c7db337e46f44c4323ac9738adba89f095deb8e5d873ee8b35fa5079
49c720758b8a87e42829ffb38a0d7fe2a8c36dc3007abfabbea76155185d2902
0e71728e5e6a762923fc0372e2047e0d969bcc5efbf4f3010df2ff6576cab725
4aeb65e3c9a2ca3177f3525686d3b9f4a39ca2b749acd8431589ee28fa528bb9
2f3d67740bb7587ff70cc7319e9fe5c517c0e55345bf53e01b3019e415ff098b
0a93c86ef96d81c90485df71a3b90961
d4757f035c3447c33c2347101d08c1e798f1a044
94b3250879e3600b24318e47620ae5aab15d8640
b64d3d38de70cade9b423e87c571a65c
c30a14b595fa334084cd32fa60b3c827
194d739fa93970d63dade70aae7c3b9ac8a6938be9f0e2d470d3adf8c106bfad
6e426247c1fdaaa09091b5ab4bb5a76b
4e1ed311021ce99a7556af05ca520a5569853eed
f194b0bc35b74f6ed410d8a35e471c57
c43b0006b3f7cd88d31aded8579830168a44ba79
5492947d2b85a57f40201cd7d1351c3d4b92ae88
470f0db6a56a879985c62cd71c5a98a4
1f38a9e17e5096bca84b6ec87eb5470b2ce4450a6a03b3e41b38dbd91ab281da
8cee3ec87a5728be17f838f526d7ef3a842ce8956fe101ed247a5eb1494c579d
b0fd9705e8f83129f97f9111b03642fe
2af2841bf925ed1875faadcbb0ef316c641e1dcdb61d1fbf80c3443c2fc9454f
abd4263c97ab33b22f67e581ebb09ec7b98e4084dd32a7eca6502d3737715769
d8edd46220059541ff397f74bfd271336dda702c6b1869e8a081c71f595a9e68
aa6a9c25aff0e773d4189480171afcf7d0f69ad9
a5fd7e67d46f4d2239c43101666dd0582367bd8d
f08676eeb489087bc0e47bd08a3f7c4b57ef5941698bc09d30857c650763859c
4c917d92ded082bd8623d5e148d4b65ed02447bad3157cad8b66194b93150262
710e80fb64e08f20ab58c20ccdbc966f6e3b54511775e8ed99ff0bcf51690227
49a58ddf3bedc37b61a8205bb3805413
401c5d2157d303df1ca465ff4097ee4474574c39f614cbb5734193a3917354c0
e345d793477abbecc2c455c8c76a925c0dfe99ec4c65b7c353e8a8c8b14da2b6
8b6afbf73a9b98eec01d8510815a044cd036743b64fef955385cbca80ae94f15
f10bd5443148d47fbf7c6a6998651eb9bda4c7c9213f9e5a65a76e98637cb748
7ae31f517fc172a4924f9ee0321c2b013cd3836c97166dac4bcfc5c108d30596
de998bd26ea326e610cc70654499cebfd594cc973438ac421e4c7e1f3b887617
a31642046471ec138bb66271e365a01569ff8d7f
68320761a01f9df5f1bdc71c94326311
5303183d82b8c4d2a47fab4167868a8cfbf8d56d3397701ab890e88c99105ae4
af34b30695539f108741648a1fce012bdf81cc75
0df13fd42fb4a4374981474ea87895a3830eddcc7f3bd494e76acd604c4004f7

View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for killsec

Other

T1486

T1490

T1566.002

T1059.001

T1047

T1078

T1562

T1021

T1021.001

T1071.001

Victims(200)

Company	Domain	Country	Industry	Status	Discovered
csinsurance.mx	—	MX Mexico	Financial Services	Unknown	23 days ago
acehospital.in	—	IN India	Healthcare	Unknown	23 days ago
csinsurance.mx	example.com	MX Mexico	Financial Services	Unknown	23 days ago
acehospital.in	example.com	IN India	Healthcare	Unknown	23 days ago
dsdlawfirm.com	—	—	Professional Services	Unknown	about 1 month ago
dsdlawfirm.com	example.com	US United States	Professional Services	Unknown	about 1 month ago
mrs holdings	mrsholdings.com	NG Nigeria	Professional Services	Unknown	about 2 months ago
mrs holdings	—	—	Professional Services	Unknown	about 2 months ago
Medical PAY	—	—	Financial Services	Unknown	about 2 months ago
Medical PAY	medical-pay.jp	JP Japan	Financial Services	Unknown	about 2 months ago
Global Go	—	—	—	Claimed	3 months ago
Government of the People	—	—	Government & Defense	Claimed	3 months ago
hospitalvetdiadema24h.com.br	—	BR Brazil	Healthcare	Unknown	3 months ago
palram.com	—	IL Israel	Manufacturing	Unknown	3 months ago
hospitalvetdiadema24h.com.br	example.com	BR Brazil	Healthcare	Unknown	3 months ago
palram.com	example.com	IL Israel	Manufacturing	Unknown	3 months ago
meena health	example.com	SA Saudi Arabia	Healthcare	Unknown	3 months ago
NextCapitalTrust	example.com	LK Sri Lanka	Financial Services	Unknown	3 months ago
shlomo bit	—	—	—	Unknown	4 months ago
shlomo bit	shlomo-bit.co.il	IL Israel	Financial Services	Unknown	4 months ago

Page 1 of 10

Affected countries(68)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates 🇦🇷Argentina 🇦🇺Australia 🇧🇩Bangladesh 🇧🇪Belgium Bolivia, Plurinational State of 🇧🇷Brazil 🇧🇼Botswana 🇨🇦Canada 🇨🇭Switzerland 🇨🇱Chile 🇨🇳China 🇨🇴Colombia 🇨🇾Cyprus 🇩🇪Germany 🇩🇰Denmark 🇩🇿Algeria 🇪🇬Egypt 🇪🇸Spain 🇪🇹Ethiopia 🇫🇮Finland 🇫🇷France 🇬🇧United Kingdom 🇬🇪Georgia Guernsey 🇬🇷Greece 🇭🇰Hong Kong 🇮🇩Indonesia 🇮🇪Ireland 🇮🇱Israel 🇮🇳India 🇮🇹Italy 🇯🇲Jamaica 🇯🇵Japan 🇰🇪Kenya 🇰🇲Comoros Korea, Republic of Cayman Islands 🇱🇾Libya 🇲🇦Morocco Moldova, Republic of Macao 🇲🇽Mexico 🇲🇾Malaysia 🇳🇬Nigeria 🇳🇱Netherlands 🇳🇴Norway 🇳🇵Nepal 🇳🇿New Zealand 🇵🇪Peru 🇵🇱Poland Puerto Rico 🇵🇹Portugal 🇷🇴Romania Russian Federation 🇸🇦Saudi Arabia 🇸🇪Sweden 🇸🇬Singapore 🇹🇭Thailand 🇹🇳Tunisia 🇹🇷Turkey 🇺🇦Ukraine 🇺🇸United States Virgin Islands, British 🇻🇳Vietnam 🇻🇺Vanuatu 🇿🇦South Africa 🇿🇲Zambia