walocker
Ransomware group profile
16Victims
RussiaSource country
60Impact score
Description
Walocker is a financially motivated ransomware operation that began on June 10, 2025. The group employs a double extortion model, encrypting victim data and threatening to release sensitive information if ransom demands are not met.
Key insights
- •Utilizes a double extortion model involving data encryption and exfiltration.
- •Targets the financial services sector among others.
- •Threatens to publish stolen data on a dedicated leak site.
- •Specific initial access methods and tools are not well-documented.
- •Known to target entities in various countries, primarily Cambodia.
Threat Level & Status Breakdown
For walocker · Based on incidents in selected period
1.4threat level
Aggressiveness4/ 10
Lethality0/ 10
Criticality0/ 10
Status Breakdown
Claimed56.3%9
First seenJul 2025
Last seenDec 2025
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 18, 2026
Recent activity
Monthly attack count for walocker in the selected period
16Total attacks
7peak in Jul
5.3avg / month
↓ 4 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for walocker
- kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for walocker
Other
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1547
T1547
T1562
T1562
T1080
T1080
T1059
T1059
T1030
T1030
T1021.001
T1021.001
Victims(16)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Pernec Corporation Bhd | — | MY Malaysia | Technology | Claimed | 6 months ago | |
| SMC Global Securities Ltd | — | IN India | Financial Services | Claimed | 6 months ago | |
| P***d | — | MY Malaysia | — | Claimed | 6 months ago | |
| TPPL | — | IN India | Other | Claimed | 11 months ago | |
| Seoudi Investment Group | — | EG Egypt | Other | Claimed | 11 months ago | |
| Cavelier Abogados | — | CO Colombia | Professional Services | Claimed | 11 months ago | |
| Hevea‑Cameroun S.A. | — | CM Cameroon | Other | Claimed | 11 months ago | |
| Monos Group | — | MN Mongolia | — | Claimed | 11 months ago | |
| Doi Tung Development Project | — | TH Thailand | Other | Claimed | 11 months ago | |
| U***Y | — | UY Uruguay | — | Unknown | 11 months ago | |
| T***L | — | — | — | Unknown | 11 months ago | |
| Eswatini Water Services Corporation | — | SZ Eswatini | Energy & Utilities | Unknown | 11 months ago | |
| Bela-Bela Municipality | — | ZA South Africa | Government & Defense | Unknown | 11 months ago | |
| Union Civil Service Board | — | MM Myanmar | Government & Defense | Unknown | 11 months ago | |
| Usha Martin Limited | — | IN India | Manufacturing | Unknown | 11 months ago | |
| WayUp – Brasil | — | BR Brazil | Technology | Unknown | 11 months ago |
Affected countries(22)
Countries where this group has been reported to target or leak victims.