Summary
CYFIRMA has alerted various industries about the alarming rise of Gunra ransomware, which is now targeting critical sectors like real estate, pharmaceuticals, and manufacturing in locations such as Japan, Egypt, and Italy. This threat adopts a double-extortion strategy, encrypting victims’ data and threatening to expose sensitive information on the dark web. Its sophisticated attacks are characterised by evasive techniques and a well-structured ransom demand system.
The report highlights that once a system is infected, Gunra modifies files by appending a specific extension, drops ransom notes in multiple directories, and issues threats regarding data exposure. The group reportedly demands compliance within five days, communicating through a Tor-based interface to pressure victims into payment.
To combat this emerging threat, organisations are urged to enhance their security measures, including robust phishing defences and regular backups.
Key Points
- Gunra ransomware targets critical sectors, including healthcare and manufacturing, in various countries.
- The ransomware uses double-extortion tactics, encrypting data while threatening public exposure.
- Infections are marked by the addition of a ‘.ENCRT’ extension to affected files.
- Victims are given a five-day ultimatum to negotiate with attackers through Tor-based messaging apps.
- CYFIRMA urges firms to bolster their security systems with EDR tools and ensure regular offline backups.
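The ‘.ENCRT’ extension noted above can be turned into a simple detection over file-rename telemetry. The following is an added example, not taken from the CYFIRMA report: it flags any host and process that appends the extension to several files in a short window. The event layout, host and process names, threshold and window are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ENCRYPTED_EXT = ".encrt"  # extension named on the page, matched case-insensitively

# Constructed sample events: (ISO timestamp, host, process, old path, new path).
SAMPLE_EVENTS = [
    ("2025-01-01T10:00:00", "ws-01", "backup.exe", r"C:\data\a.bak", r"C:\data\a.bak.old"),
    ("2025-01-01T10:00:01", "ws-02", "sample.exe", r"C:\docs\q1.xlsx", r"C:\docs\q1.xlsx.ENCRT"),
    ("2025-01-01T10:00:02", "ws-02", "sample.exe", r"C:\docs\q2.xlsx", r"C:\docs\q2.xlsx.ENCRT"),
    ("2025-01-01T10:00:04", "ws-02", "sample.exe", r"C:\docs\plan.docx", r"C:\docs\plan.docx.encrt"),
    ("2025-01-01T10:30:00", "ws-03", "explorer.exe", r"C:\tmp\note.txt", r"C:\tmp\note.ENCRT"),
    ("2025-01-01T11:00:00", "ws-04", "sync.exe", r"D:\s\1.pdf", r"D:\s\1.pdf.ENCRT"),
    ("2025-01-01T11:05:00", "ws-04", "sync.exe", r"D:\s\2.pdf", r"D:\s\2.pdf.ENCRT"),
    ("2025-01-01T11:10:00", "ws-04", "sync.exe", r"D:\s\3.pdf", r"D:\s\3.pdf.ENCRT"),
]


def find_encrt_bursts(events, threshold=3, window=timedelta(seconds=30)):
    """Return sorted (host, process) pairs that gave at least `threshold`
    files the .ENCRT extension within a sliding `window`."""
    recent = defaultdict(deque)  # (host, process) -> timestamps of recent hits
    flagged = set()
    # ISO timestamps in one format sort chronologically as strings.
    for ts, host, proc, old, new in sorted(events):
        gained_ext = (new.lower().endswith(ENCRYPTED_EXT)
                      and not old.lower().endswith(ENCRYPTED_EXT))
        if not gained_ext:
            continue  # unrelated rename, or file already carried the extension
        when = datetime.fromisoformat(ts)
        hits = recent[(host, proc)]
        hits.append(when)
        # Drop hits that have fallen out of the window.
        while when - hits[0] > window:
            hits.popleft()
        if len(hits) >= threshold:
            flagged.add((host, proc))
    return sorted(flagged)


if __name__ == "__main__":
    for host, proc in find_encrt_bursts(SAMPLE_EVENTS):
        print(f"ALERT: burst of {ENCRYPTED_EXT} renames on {host} by {proc}")
```

A single rename (ws-03) and slow renames spread over minutes (ws-04) stay below the default threshold, so the window should be tuned against normal file activity in the environment.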
Why should I read this?
If you care about keeping your organisation’s data safe, this article is a must-read! It not only highlights the new and sophisticated Gunra ransomware threat but also provides actionable insights on how to fortify your defences. With attacks escalating, knowing how to protect your business could save you from a lot of headaches.