July 2025 Threat Trend Report on Ransomware - ASEC
July 2025 Threat Trend Report on Ransomware ASEC| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 4, September 2025 Personal information of Spanish politicians and public officials shared on DarkForums. A university application platform in South Korea listed as a new victim by the ransomware group Kill Security. Data from a South Korean shipbuilding company being […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 3, September 2025 The emergence of a new ransomware group, BlackShrantac South Korean asset management firms listed as new victims of the Qilin ransomware group A South Korean broadcasting and telecom equipment manufacturer listed as a new victim of the […]| ASEC
In June 2025, a new ransomware group known as Kawa4096 emerged, targeting multinational organizations across various sectors, including finance, education, and services. Their attacks have affected companies in multiple countries, notably Japan and the United States. Although there is currently no public information confirming whether they operate as a Ransomware-as-a-Service (RaaS) or collaborate with other threat groups, […]| ASEC
BlackLock is a relatively new ransomware group that is believed to have been established around March 2024. Their existence was publicly revealed in June 2024 when the Dedicated Leak Site (DLS) was identified. At that time, information on multiple affected companies had already been posted, suggesting that the gang had been active in secret for […]| ASEC
This report provides the statistics and major ransomware-related issues in Korea and worldwide, as well as the number of affected systems and ransomware cases based on Dedicated Leak Sites (DLS) over the course of August 2025. Below is a summary of the report. Disclaimer: The number of ransomware samples and damaged systems is based […]| ASEC
This report comprehensively covers actual cyber threats and security issues related to financial companies in South Korea and abroad. This article includes an analysis of malware and phishing cases distributed to the financial sector, the top 10 malware strains targeting the financial sector, and the industry statistics of leaked Korean accounts on Telegram. A detailed […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 2, September 2025 Financial Institution Data from Poland and Central Europe Listed for Sale on DarkForums Gunra Ransomware Targets Korean Manufacturer Emergence of Four New Ransomware Groups: Obscura, Yurei, The Gentlemen, Radar| ASEC
BlackNevas has been continuously launching ransomware attacks against companies in various industries and countries, including South Korea. This post provides a technical analysis on the characteristics, encryption methods, and reasons why BlackNevas encrypts files in a way that makes them impossible to decrypt. It is hoped that this post will provide insights for defending against […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 1, Sep. 2025 Japan-Based Automotive Company Listed as a New Victim of Ransomware Group Black Nevas Emergence of New Ransomware Groups: Desolator and LunaLock Korean Electronics Parts Manufacturer Targeted by Ransomware Group Gunra| ASEC
DireWolf Ransomware Group The DireWolf ransomware group made their first appearance in May 2025. On May 26 of the same month, they disclosed their first 6 victims on a darknet leak site, marking the beginning of their full-fledged activities. The group stated that their only goal is money and contacts their victims through the Tox […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 4, August 2025 Qilin Targets Japanese Automotive Design Firm in Ransomware Attack Attempt to Sell South Korean Local Government Data on DarkForums Raises Credibility Concerns Emerging Ransomware Group Cephalus Hits at Least 9 Organizations, Reveals Victims via DLS| ASEC
NightSpire operates a DLS (Dedicated Leak Site) and posts a countdown timer for the public release of information and data about victims. The group is known for using highly threatening language for their cyber extortion. This post describes the analysis and characteristics of NightSpire ransomware. 1. Overview 1.1. NightSpire Threat Group Figure […]| ASEC
Interlock ransomware group launches continuous ransomware attacks against companies from various countries and industries. This post describes the analysis and characteristics of Interlock ransomware. 1. Overview 1.1 Interlock ProfilesInterlock ransomware group first emerged at the end of September 2024, and has been continuously attacking various businesses and critical infrastructures in North America and Europe. Like […]| ASEC
The Underground ransomware gang is launching continuous ransomware attacks against companies in various countries and industries, including South Korea. This post describes the analysis and characteristics of the Underground ransomware. 1. Overview 1.1 Team Underground The ransomware strain operated by the group known as Underground was first identified in early July 2023. Afterward, their […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 3, August 2025 WARLOCK launched a ransomware attack targeting a telecommunications provider in France. The pro-Israeli hacktivist group “313 Team” claims to have conducted DDoS attacks against nine institutions in Saudi Arabia. Qilin carried out ransomware attacks targeting financial and […]| ASEC
July 2025 Threat Trend Report on Ransomware ASEC| ASEC
July 2025 Security Issues in Korean & Global Financial Sector ASEC| ASEC
Ransom & Dark Web Issues Week 2, July 2025 ASEC| ASEC
June 2025 Trend Report on the Deep Web & Dark Web ASEC| ASEC
June 2025 Security Issues in Korean & Global Financial Sector ASEC| ASEC
Ransom & Dark Web Issues Week 1, July 2025 ASEC| ASEC
May 2025 Threat Trend Report on Ransomware ASEC| ASEC
Ransom & Dark Web Issues Week 2, June 2025 ASEC| ASEC
May 2025 Security Issues in Korean & Global Financial Sector ASEC| ASEC
May 2025 Deep Web and Dark Web Trends Report ASEC| ASEC
Ransom & Dark Web Issues Week 3, May 2025 ASEC| ASEC
