Ransom & Dark Web Issues Week 1, July 2025 - ASEC
Ransom & Dark Web Issues Week 1, July 2025 ASEC| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 4, September 2025 Personal information of Spanish politicians and public officials shared on DarkForums. A university application platform in South Korea listed as a new victim by the ransomware group Kill Security. Data from a South Korean shipbuilding company being […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 3, September 2025 The emergence of a new ransomware group, BlackShrantac South Korean asset management firms listed as new victims of the Qilin ransomware group A South Korean broadcasting and telecom equipment manufacturer listed as a new victim of the […]| ASEC
In June 2025, a new ransomware group known as Kawa4096 emerged, targeting multinational organizations across various sectors, including finance, education, and services. Their attacks have affected companies in multiple countries, notably Japan and the United States. Although there is currently no public information confirming whether they operate as a Ransomware-as-a-Service (RaaS) or collaborate with other threat groups, […]| ASEC
BlackLock is a relatively new ransomware group that is believed to have been established around March 2024. Their existence was publicly revealed in June 2024 when the Dedicated Leak Site (DLS) was identified. At that time, information on multiple affected companies had already been posted, suggesting that the gang had been active in secret for […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 2, September 2025 Financial Institution Data from Poland and Central Europe Listed for Sale on DarkForums Gunra Ransomware Targets Korean Manufacturer Emergence of Four New Ransomware Groups: Obscura, Yurei, The Gentlemen, Radar| ASEC
BlackNevas has been continuously launching ransomware attacks against companies in various industries and countries, including South Korea. This post provides a technical analysis on the characteristics, encryption methods, and reasons why BlackNevas encrypts files in a way that makes them impossible to decrypt. It is hoped that this post will provide insights for defending against […]| ASEC
The CyberVolk ransomware, which first emerged in May 2024, has been launching attacks on public institutions and key infrastructures of various countries, posing a continuous threat. The ransomware is particularly notable for its pro-Russia nature, as it primarily targets anti-Russian countries, making it a geopolitically significant cyber threat. This post provides a technical analysis of […]| ASEC
NightSpire operates a DLS (Dedicated Leak Site) and posts a countdown timer for the public release of information and data about victims. The group is known for using highly threatening language for their cyber extortion. This post describes the analysis and characteristics of NightSpire ransomware. 1. Overview 1.1. NightSpire Threat Group Figure […]| ASEC
Interlock ransomware group launches continuous ransomware attacks against companies from various countries and industries. This post describes the analysis and characteristics of Interlock ransomware. 1. Overview 1.1 Interlock ProfilesInterlock ransomware group first emerged at the end of September 2024, and has been continuously attacking various businesses and critical infrastructures in North America and Europe. Like […]| ASEC
The Underground ransomware gang is launching continuous ransomware attacks against companies in various countries and industries, including South Korea. This post describes the analysis and characteristics of the Underground ransomware. 1. Overview 1.1 Team Underground The ransomware strain operated by the group known as Underground was first identified in early July 2023. Afterward, their […]| ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 3, August 2025 WARLOCK launched a ransomware attack targeting a telecommunications provider in France. The pro-Israeli hacktivist group “313 Team” claims to have conducted DDoS attacks against nine institutions in Saudi Arabia. Qilin carried out ransomware attacks targeting financial and […]| ASEC
Ransom & Dark Web Issues Week 1, July 2025 ASEC| ASEC
May 2025 Threat Trend Report on Ransomware ASEC| ASEC
Ransom & Dark Web Issues Week 2, June 2025 ASEC| ASEC
The AhnLab SEcurity intelligence Center (ASEC) recently discovered ransomware being distributed disguised a password cracker tool. Such tools are typically used in brute force attacks. Brute force attacks involve by trying every possible combination to find the correct password. Attackers repeatedly attempt to breach a system’s authentication procedure to steal passwords. This method is particularly […]| ASEC
Ransom & Dark Web Issues Week 3, May 2025 ASEC| ASEC
