killsec

Ransomware group profile

69Victims

RussiaSource country

70Impact score

Also Known As

KillSecurity

Description

KillSec is a notorious ransomware group that has gained prominence for its aggressive attacks on critical infrastructure across various sectors. Known for employing advanced tactics, including double extortion methods, they encrypt data and threaten to leak sensitive information if ransom demands are not met. Their operations have increasingly targeted industries with less robust cybersecurity defenses, causing widespread disruption and financial damage.

Key insights

•Targets critical infrastructure, particularly in healthcare and finance sectors.
•Utilizes advanced obfuscation techniques to avoid detection.
•Employed double extortion tactics, encrypting data and threatening leaks.
•Gains access through spearphishing and exploiting software vulnerabilities.
•Recent campaigns have increasingly used sophisticated ransomware variants.
•Emerging trend involves leveraging zero-day vulnerabilities for attacks.

Industries

Education Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For killsec · Based on incidents in selected period

2.6threat level

Aggressiveness5/ 10

Lethality0/ 10

Criticality2.9/ 10

Status Breakdown

Claimed53.6%37

First seenAug 2025

Last seenJun 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 18, 2026

Recent activity

Monthly attack count for killsec in the selected period

69Total attacks

32peak in Sep

6.3avg / month

Intelligence

IOCs, YARA/Sigma rules, and related families for killsec

7b3f4d34b8d3518c092d81506df05103
de88ae471d8b95e5e10264aea5eb040fedb9bb71428385e7cff6c77a6ae47d97
f0220f5d1f935f09d58e869247cfdb5d
8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e
785b52e144577375abe4d1c785c451f60c423788
c6d6c64d12cf9dd4474aa492697720af
afcccd45bc700a75e46297bfdae0c47048dc14fc
4d0663cff0c5c3f29c81e9aefd37f16a318ff638986ecc60e9bce6c90b72606b
ce02802067934e0eb072f69bf6427bf6
264e801035f64163ffa7cf05086ce4c7d1396956
2798bf4fd8e2bc591f656fa107bd871451574d543882ddec3020417964d2faa9
95ae81de52655fac3f1b226f1896690566090640
49c720758b8a87e42829ffb38a0d7fe2a8c36dc3007abfabbea76155185d2902
d4757f035c3447c33c2347101d08c1e798f1a044
94b3250879e3600b24318e47620ae5aab15d8640
b64d3d38de70cade9b423e87c571a65c
8cee3ec87a5728be17f838f526d7ef3a842ce8956fe101ed247a5eb1494c579d
d8edd46220059541ff397f74bfd271336dda702c6b1869e8a081c71f595a9e68
401c5d2157d303df1ca465ff4097ee4474574c39f614cbb5734193a3917354c0
e345d793477abbecc2c455c8c76a925c0dfe99ec4c65b7c353e8a8c8b14da2b6
5303183d82b8c4d2a47fab4167868a8cfbf8d56d3397701ab890e88c99105ae4
0df13fd42fb4a4374981474ea87895a3830eddcc7f3bd494e76acd604c4004f7
f001329114937fbc439f251c803ba825
94f73b5dc06ba6705fcef3e759413a747049c2949a0c2e44afc03b2f9989cf73
8ad67a1b7a5f2428c93f7a13a398e39c
f49c5ca09e04cfb0e5e8532946d183e9cce6595ce364a59b0c9423a828be8415
4f88d3977a24fb160fc3ba69821287a197ae9b04493d705dc2fe939442ba6461
1d5ef46357eb2298b1c3c4faccbaafa729137613
a5febb4b5ba6572594de87d2a9de6df65d49da755385bf3d3d4d054772ce493c
0303f89829763e734b1f9d4f46671e59bfaa1be5d8ec84d35a203efbfcb9bb15
f9db8601d94df9c026331066a2ba9ae1
011fdaa3a7d7f7badc6088eda2a21fa808bcefe2c0cd24b21a89271102c5be60
501e5cc4cb65d55cff934e7447528fef5243578d
c3804d1329b55a37bfa2f835e1e9bbc7bdb2b260f8e3627c06e02c9f52685d44

View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for killsec

Other

T1486

T1490

T1566.002

T1059.001

T1047

T1078

T1562

T1021

T1021.001

T1071.001

Victims(200)

Company	Domain	Country	Industry	Status	Discovered
csinsurance.mx	—	MX Mexico	Financial Services	Unknown	17 days ago
acehospital.in	—	IN India	Healthcare	Unknown	17 days ago
csinsurance.mx	example.com	MX Mexico	Financial Services	Unknown	17 days ago
acehospital.in	example.com	IN India	Healthcare	Unknown	17 days ago
dsdlawfirm.com	—	—	Professional Services	Unknown	about 1 month ago
dsdlawfirm.com	example.com	US United States	Professional Services	Unknown	about 1 month ago
mrs holdings	mrsholdings.com	NG Nigeria	Professional Services	Unknown	about 1 month ago
mrs holdings	—	—	Professional Services	Unknown	about 1 month ago
Medical PAY	—	—	Financial Services	Unknown	about 2 months ago
Medical PAY	medical-pay.jp	JP Japan	Financial Services	Unknown	about 2 months ago
Global Go	—	—	—	Claimed	2 months ago
Government of the People	—	—	Government & Defense	Claimed	2 months ago
hospitalvetdiadema24h.com.br	—	BR Brazil	Healthcare	Unknown	3 months ago
palram.com	—	IL Israel	Manufacturing	Unknown	3 months ago
hospitalvetdiadema24h.com.br	example.com	BR Brazil	Healthcare	Unknown	3 months ago
palram.com	example.com	IL Israel	Manufacturing	Unknown	3 months ago
meena health	example.com	SA Saudi Arabia	Healthcare	Unknown	3 months ago
NextCapitalTrust	example.com	LK Sri Lanka	Financial Services	Unknown	3 months ago
shlomo bit	—	—	—	Unknown	3 months ago
shlomo bit	shlomo-bit.co.il	IL Israel	Financial Services	Unknown	3 months ago

Page 1 of 10

Affected countries(64)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates 🇦🇷Argentina 🇦🇺Australia 🇧🇩Bangladesh 🇧🇪Belgium 🇧🇷Brazil 🇧🇼Botswana 🇨🇦Canada 🇨🇭Switzerland 🇨🇱Chile 🇨🇳China 🇨🇴Colombia 🇨🇾Cyprus 🇩🇪Germany 🇩🇰Denmark 🇩🇿Algeria 🇪🇬Egypt 🇪🇸Spain 🇫🇮Finland 🇫🇷France 🇬🇧United Kingdom 🇬🇪Georgia Guernsey 🇬🇷Greece 🇮🇩Indonesia 🇮🇪Ireland 🇮🇱Israel 🇮🇳India 🇮🇹Italy 🇯🇲Jamaica 🇯🇵Japan 🇰🇪Kenya 🇰🇲Comoros Korea, Republic of Cayman Islands 🇱🇾Libya 🇲🇦Morocco Moldova, Republic of Macao 🇲🇽Mexico 🇲🇾Malaysia 🇳🇬Nigeria 🇳🇱Netherlands 🇳🇴Norway 🇳🇵Nepal 🇳🇿New Zealand 🇵🇪Peru 🇵🇱Poland Puerto Rico 🇵🇹Portugal 🇷🇴Romania Russian Federation 🇸🇦Saudi Arabia 🇸🇪Sweden 🇸🇬Singapore 🇹🇭Thailand 🇹🇳Tunisia 🇹🇷Turkey 🇺🇸United States Virgin Islands, British 🇻🇳Vietnam 🇻🇺Vanuatu 🇿🇦South Africa 🇿🇲Zambia