Gunra Ransomware Group Unveils Efficient Linux Variant

SUMMARY :

Gunra ransomware, first observed in April 2025, has expanded its capabilities with a new Linux variant. This cross-platform move broadens the group's attack surface and demonstrates their intent to grow beyond their initial scope. The Linux variant features advanced capabilities, including parallel encryption with up to 100 threads, partial file encryption, and customizable encryption parameters. Since its emergence, Gunra has targeted enterprises across various countries and industries, including manufacturing, healthcare, IT, and agriculture. The group's tactics include data exfiltration and encryption, with a reported 40 terabytes of data leaked from a Dubai hospital. The Linux variant's sophisticated features, such as multi-threaded encryption and flexible configuration options, make it a formidable threat in the evolving ransomware landscape.

OPENCTI LABELS :

ransomware,linux,chacha20


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Gunra Ransomware Group Unveils Efficient Linux Variant