Threats Behind the Mask of Gentlemen Ransomware
Gentlemen is a new ransomware group first identified around August 2025. The group operates a double extortion model that involves breaching corporate networks, exfiltrating data, encrypting the data, and then using the encrypted data to extort victims. During the breach, the group employs typical tactics seen in advanced ransomware groups,
Ransom & Dark Web Issues Week 1, December 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, December 2025. Source code from a South Korean AI solution company, shared on DarkForums Nova (RALord) targets a South Korean industrial equipment manufacturer with ransomware attack PLAY targets a South Korean auto parts manufacturer with
2025 Ransomware Threat Landscape: Impact on Korean Enterprises
Overview and Background The number of ransomware attacks has been increasing worldwide in recent years, and Korean companies are not exempt from this trend. The situation is particularly acute in Asia, where ransomware attacks have surged since 2023. This growing trend has prompted a need for a systematic analysis
Ransom & Dark Web Issues Week 4, November 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, November 2025 Qilin ransomware group claims attack on a Japanese company providing automotive financial services. Everest ransomware group launches data exfiltration attack against Spain’s largest airline. Access to internal systems of Saudi Arabia’s state-owned airport operator
Ransom & Dark Web Issues Week 3, Novermber 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, Novermber 2025 DireWolf launches ransomware attack against a Pakistani automobile assembly and sales company Massive data leak of major South Korean companies on DarkForums [1], [2], [3], [4] Akira ransomware group threatens data leak
Analysis of Encryption Structure of Yurei Ransomware Go-based Builder
The Yurei ransomware group is a new group that was first publicly identified in early September 2025. This group adopts a typical ransomware operation model that infiltrates corporate networks, encrypts data, deletes backups, and then demands a ransom for the stolen information. While there is no clear evidence of their
An Unerring Spear: Cephalus Ransomware Analysis
Cephalus is a new ransomware group that first appeared in mid-June 2025. The group claims that they are motivated 100% by financial gain. Their main method of breaching organizations is by stealing credentials through Remote Desktop Protocol (RDP) accounts that do not have multi-factor authentication (MFA) enabled. Their operation is
Ransom & Dark Web Issues Week 5, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 5, October 2025 A South Korean food manufacturing and processing company has been listed as a new victim by the ransomware group RansomHouse. The Data Extortion group Coinbase Cartel claims to have leaked the entire source
Ransom & Dark Web Issues Week 4, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, October 2025 Black Shrantac Lists a South Korean Cybersecurity Firm as Its Victim Qilin Targets South Korean Financial Intelligence Firm in Ransomware Attack Ransomware Attack Causes System Outage at Major Japanese Online Retailer Online
The Beast Ransomware Hidden in the GUI
The Beast ransomware group is a group that evolved from the Monster ransomware strain. They emerged as a Ransomware-as-a-Service (RaaS) in February 2025, and officially launched their Tor-based data leak site in July. As of August 2025, they have publicly disclosed 16 victim organizations from the United States, Europe, Asia,
