killsec

Ransomware group profile

71Victims

RussiaSource country

73Impact score

Also Known As

KillSecurity

Description

KillSec is a notorious ransomware group that has gained prominence for its aggressive attacks on critical infrastructure across various sectors. Known for employing advanced tactics, including double extortion methods, they encrypt data and threaten to leak sensitive information if ransom demands are not met. Their operations have increasingly targeted industries with less robust cybersecurity defenses, causing widespread disruption and financial damage.

Key insights

•Targets critical infrastructure, particularly in healthcare and finance sectors.
•Utilizes advanced obfuscation techniques to avoid detection.
•Employed double extortion tactics, encrypting data and threatening leaks.
•Gains access through spearphishing and exploiting software vulnerabilities.
•Recent campaigns have increasingly used sophisticated ransomware variants.
•Emerging trend involves leveraging zero-day vulnerabilities for attacks.

Industries

Education Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For killsec · Based on incidents in selected period

4threat level

Aggressiveness9/ 10

Lethality0/ 10

Criticality2.9/ 10

Status Breakdown

Claimed54.9%39

First seenJun 2025

Last seenJun 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for killsec in the selected period

71Total attacks

32peak in Sep

5.9avg / month

Intelligence

IOCs, YARA/Sigma rules, and related families for killsec

7b3f4d34b8d3518c092d81506df05103
de88ae471d8b95e5e10264aea5eb040fedb9bb71428385e7cff6c77a6ae47d97
8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e
3cfcb57b94e69372cd2815dc63d66ab4b4ac4fec48b3b092f76ae5c9beaa353f
afcccd45bc700a75e46297bfdae0c47048dc14fc
4d0663cff0c5c3f29c81e9aefd37f16a318ff638986ecc60e9bce6c90b72606b
264e801035f64163ffa7cf05086ce4c7d1396956
2798bf4fd8e2bc591f656fa107bd871451574d543882ddec3020417964d2faa9
d520d06d78afcad2e03842cb8db4622d18b92739e89dfb8dadf5743f30dcd903
62242df8c7db337e46f44c4323ac9738adba89f095deb8e5d873ee8b35fa5079
49c720758b8a87e42829ffb38a0d7fe2a8c36dc3007abfabbea76155185d2902
d4757f035c3447c33c2347101d08c1e798f1a044
b64d3d38de70cade9b423e87c571a65c
e75e5778e71e062ce4a7af673f0b2513854d2367fee0f01a26c0c998863bdf6e
d8edd46220059541ff397f74bfd271336dda702c6b1869e8a081c71f595a9e68
401c5d2157d303df1ca465ff4097ee4474574c39f614cbb5734193a3917354c0
e345d793477abbecc2c455c8c76a925c0dfe99ec4c65b7c353e8a8c8b14da2b6

View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for killsec

Other

T1486

T1490

T1566.002

T1059.001

T1047

T1078

T1562

T1021

T1021.001

T1071.001

Victims(200)

Company	Domain	Country	Industry	Status	Discovered
csinsurance.mx	—	MX Mexico	Financial Services	Unknown	about 19 hours ago
acehospital.in	—	IN India	Healthcare	Unknown	about 19 hours ago
csinsurance.mx	example.com	MX Mexico	Financial Services	Unknown	about 21 hours ago
acehospital.in	example.com	IN India	Healthcare	Unknown	about 21 hours ago
dsdlawfirm.com	—	—	Professional Services	Unknown	21 days ago
dsdlawfirm.com	example.com	US United States	Professional Services	Unknown	21 days ago
mrs holdings	mrsholdings.com	NG Nigeria	Professional Services	Unknown	26 days ago
mrs holdings	—	—	Professional Services	Unknown	26 days ago
Medical PAY	—	—	Financial Services	Unknown	about 1 month ago
Medical PAY	medical-pay.jp	JP Japan	Financial Services	Unknown	about 1 month ago
Government of the People	—	—	Government & Defense	Claimed	about 2 months ago
Global Go	—	—	—	Claimed	about 2 months ago
hospitalvetdiadema24h.com.br	—	BR Brazil	Healthcare	Unknown	3 months ago
palram.com	—	IL Israel	Manufacturing	Unknown	3 months ago
hospitalvetdiadema24h.com.br	example.com	BR Brazil	Healthcare	Unknown	3 months ago
palram.com	example.com	IL Israel	Manufacturing	Unknown	3 months ago
meena health	example.com	SA Saudi Arabia	Healthcare	Unknown	3 months ago
NextCapitalTrust	example.com	LK Sri Lanka	Financial Services	Unknown	3 months ago
shlomo bit	—	—	—	Unknown	3 months ago
shlomo bit	shlomo-bit.co.il	IL Israel	Financial Services	Unknown	3 months ago

Page 1 of 10

Affected countries(61)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates 🇦🇷Argentina 🇦🇺Australia 🇧🇩Bangladesh 🇧🇪Belgium 🇧🇷Brazil 🇧🇼Botswana 🇨🇦Canada 🇨🇭Switzerland 🇨🇱Chile 🇨🇳China 🇨🇴Colombia 🇨🇾Cyprus 🇩🇪Germany 🇩🇰Denmark 🇩🇿Algeria 🇪🇬Egypt 🇪🇸Spain 🇫🇮Finland 🇫🇷France 🇬🇧United Kingdom 🇬🇪Georgia Guernsey 🇬🇷Greece 🇮🇩Indonesia 🇮🇪Ireland 🇮🇱Israel 🇮🇳India 🇮🇹Italy 🇯🇲Jamaica 🇯🇵Japan 🇰🇪Kenya 🇰🇲Comoros Korea, Republic of Cayman Islands 🇱🇾Libya 🇲🇦Morocco Macao 🇲🇽Mexico 🇲🇾Malaysia 🇳🇬Nigeria 🇳🇱Netherlands 🇳🇵Nepal 🇳🇿New Zealand 🇵🇪Peru 🇵🇱Poland Puerto Rico 🇵🇹Portugal 🇷🇴Romania Russian Federation 🇸🇦Saudi Arabia 🇸🇪Sweden 🇸🇬Singapore 🇹🇭Thailand 🇹🇳Tunisia 🇺🇸United States Virgin Islands, British 🇻🇳Vietnam 🇻🇺Vanuatu 🇿🇦South Africa 🇿🇲Zambia