Ransomware Intelligence

gunra

Ransomware group profile

35Victims
71Impact score

Description

Gunra is a ransomware group that emerged in June 2025, primarily motivated by financial extortion. The group targets various organizations across multiple sectors by encrypting their data and threatening to publicly release stolen information if ransoms are not paid.

Key insights

  • Employs ransomware tactics to encrypt victim data.
  • Targets a wide range of sectors, including health care and legal services.
  • Utilizes ransom notes to instruct victims to pay for decryption keys through Tor-based portals.
  • Commonly leverages data leak sites to increase pressure on victims.
  • Established persistence techniques to maintain control over compromised systems.

Industries

EducationEnergy & UtilitiesFinancial ServicesGovernment & DefenseHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnologyTransportation

Threat Level & Status Breakdown

For gunra · Based on incidents in selected period

2.6threat level
Aggressiveness5/ 10
Lethality0/ 10
Criticality2.9/ 10

Status Breakdown

Claimed82.9%29
First seenAug 2025
Last seenJun 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 20, 2026

Recent activity

Monthly attack count for gunra in the selected period

35Total attacks
16peak in Apr
5avg / month
↓ 2 vs first month
AugSepOctDecAprMayJun0481216

Intelligence

IOCs, YARA/Sigma rules, and related families for gunra

  1. 6d59bb6a9874b9b03ce6ab998def5b93f68dadedccad9b14433840c2c5c3a34e
  2. 22c47ec98718ab243f2f474170366a1780368e084d1bf6adcd60450a9289e4be
  3. 5530363373dfe8fa474c9394184d2c56a0682c6a178d6f1c3536a1a3796dff42
  4. 91f8fc7a3290611e28a35a403fd815554d9d856006cc2ee91ccdb64057ae53b0
  5. 5677dfad26045e271272bc98be2fd24e2f6d13737850ab1d9857fd58de05e9f9
  6. 186c77101c027a465b14cb4a74f8381e
  7. 75cb7eb79a5fa0d388547520c6c452c700d38659080be074d70395729a0b578e
  8. 136e0bf4e5fe4d4249fe9570153a0b97
  9. 94f73b5dc06ba6705fcef3e759413a747049c2949a0c2e44afc03b2f9989cf73
  10. 844e3b0d066e7da30e704be770c26e5e
  11. 94b68826818ffe8ceb88884d644ad4fc
  12. 854e5f77f788bbbe6e224195e115c749172cd12302afca370d4f9e3d53d005fd
  13. ae6f61c0fc092233abf666643d88d0f3
  14. c3804d1329b55a37bfa2f835e1e9bbc7bdb2b260f8e3627c06e02c9f52685d44
  15. 64049e058f3414066b1b68f84306ec307670b4e93543888b6e40d8e18b74b718
  16. eb46dfb4f15000a7d4af040b68e541251fd5716d2a77958b471a17ce2960416f
  17. 4c0e74e9f94dff611226cd1619cb1e1d
  18. 9a7c0adedc4c68760e49274700218507
  19. 6faef3ca4e9ad30d736cd3716e116e040955b322
  20. 333b88066da20c147309a52b8db07379f7da9d6d
View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for gunra

Other

T1486

T1486

T1490

T1490

T1562

T1562

T1047

T1047

T1059

T1059

T1078

T1078

T1547

T1547

T1021

T1021

T1080

T1080

Victims(35)

CompanyDomainCountryIndustryStatusDiscovered
MHE9 Logística Ltdagrupomhe9.com.brBR BrazilTransportation
Unknown
9 days ago
Suárez&Claverasuarezyclavera.com.uyUY UruguayProfessional Services
Unknown
9 days ago
Cambridge Law Chambersfindyello.comBS BahamasProfessional Services
Unknown
12 days ago
STAREMPIREstarempire.comVN VietnamHospitality
Unknown
22 days ago
SOMAFIXFR FranceHealthcare
Unknown
23 days ago
Cablematic Dos Mil SLUcablematic.comFR FranceProfessional Services
Unknown
30 days ago
Frontier Financial Groupffgwm.comHK Hong KongFinancial Services
Claimed
2 months ago
El Ezh Building Contracting LLCelezh.comAE United Arab EmiratesOther
Claimed
2 months ago
Thai Petroleum & Trading Co., Ltd.tpt.co.thTH ThailandEnergy & Utilities
Claimed
2 months ago
Grupo PyDgrupopyd.comES SpainProfessional Services
Claimed
2 months ago
Ipiranga Contábilipirangacontabil.comBR BrazilProfessional Services
Claimed
2 months ago
NeoDermneoderm.hkHK Hong KongHealthcare
Claimed
2 months ago
INCARFE S.L.incarfe.esES SpainManufacturing
Claimed
2 months ago
Eric Davis Dentalericdavisdental.comUS United StatesHealthcare
Claimed
2 months ago
Ventilaciones Nerual, S.L.ventilacionesnerual.comES SpainManufacturing
Claimed
2 months ago
Envy Recyclingenvy-recycling.czCZ Czech RepublicManufacturing
Claimed
2 months ago
VINTAGE HOMESTEAD GmbHyvintage-homestead.deDE GermanyRetail & E-Commerce
Claimed
2 months ago
Diamondle-caillebotis-diamond.frFR FranceManufacturing
Claimed
2 months ago
ASPShipsaspships.comAU AustraliaTransportation
Claimed
2 months ago
triotech.com.sgtriotech.comSG SingaporeTechnology
Claimed
2 months ago

Page 1 of 2

Affected countries(32)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates🇦🇷Argentina🇦🇺Australia🇧🇷Brazil🇧🇸Bahamas🇨🇦Canada🇨🇴Colombia🇨🇿Czech Republic🇩🇪Germany🇪🇬Egypt🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇭🇰Hong Kong🇭🇷Croatia🇮🇩Indonesia🇮🇹Italy🇯🇵JapanKorea, Republic of🇱🇨Saint Lucia🇱🇹Lithuania🇲🇾Malaysia🇳🇬Nigeria🇳🇮Nicaragua🇵🇦Panama🇸🇬Singapore🇹🇭Thailand🇹🇷TurkeyTaiwan, Province of China🇺🇸United States🇺🇾Uruguay🇻🇳Vietnam