Ransom & Dark Web Issues Week 1, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, October 2025 Ransomware group Qilin listed nine South Korean asset management firms as new victims within a week. Ransomware group Qilin listed a South Korean engineering services company as a new victim. Ransomware group Gunra
Analysis on the Qilin Ransomware Using Selective Encryption Algorithm
Recently, Qilin ransomware has been launching continuous attacks on companies in various countries and industries around the world, and cases of damage have also been identified in South Korea. This post analyzes the key features and encryption methods of Qilin ransomware, as well as the technical reasons why decryption is
Ransom & Dark Web Issues Week 4, September 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, September 2025 Personal information of Spanish politicians and public officials shared on DarkForums. A university application platform in South Korea listed as a new victim by the ransomware group Kill Security. Data from a
Ransom & Dark Web Issues Week 3, September 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, September 2025 The emergence of a new ransomware group, BlackShrantac South Korean asset management firms listed as new victims of the Qilin ransomware group A South Korean broadcasting and telecom equipment manufacturer listed as
Kawa4096 Ransomware: Leveraging Brand Mimicry for Psychological Impact
In June 2025, a new ransomware group known as Kawa4096 emerged, targeting multinational organizations across various sectors, including finance, education, and services. Their attacks have affected companies in multiple countries, notably Japan and the United States. Although there is currently no public information confirming whether they operate as a Ransomware-as-a-Service (RaaS) or
From El Dorado to BlackLock: Inside a Fast-Rising RaaS Threat
BlackLock is a relatively new ransomware group that is believed to have been established around March 2024. Their existence was publicly revealed in June 2024 when the Dedicated Leak Site (DLS) was identified. At that time, information on multiple affected companies had already been posted, suggesting that the gang had
Ransom & Dark Web Issues Week 2, September 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 2, September 2025 Financial Institution Data from Poland and Central Europe Listed for Sale on DarkForums Gunra Ransomware Targets Korean Manufacturer Emergence of Four New Ransomware Groups: Obscura, Yurei, The Gentlemen, Radar
Trigona Rebranding Suspicions and Global Threats, and BlackNevas Ransomware Analysis
BlackNevas has been continuously launching ransomware attacks against companies in various industries and countries, including South Korea. This post provides a technical analysis on the characteristics, encryption methods, and reasons why BlackNevas encrypts files in a way that makes them impossible to decrypt. It is hoped that this post will
CyberVolk Ransomware: Analysis of Double Encryption Structure and Disguised Decryption Logic
The CyberVolk ransomware, which first emerged in May 2024, has been launching attacks on public institutions and key infrastructures of various countries, posing a continuous threat. The ransomware is particularly notable for its pro-Russia nature, as it primarily targets anti-Russian countries, making it a geopolitically significant cyber threat. This post
Ransom & Dark Web Issues Week 4, August 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, August 2025 Qilin Targets Japanese Automotive Design Firm in Ransomware Attack Attempt to Sell South Korean Local Government Data on DarkForums Raises Credibility Concerns Emerging Ransomware Group Cephalus Hits at Least 9 Organizations, Reveals Victims via
