Ransom & Dark Web Issues Week 4, November 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, November 2025 Qilin ransomware group claims attack on a Japanese company providing automotive financial services. Everest ransomware group launches data exfiltration attack against Spain’s largest airline. Access to internal systems of Saudi Arabia’s state-owned airport operator
October 2025 Threat Trend Report on Ransomware
This report provides the number of affected systems identified and statistics related to DLS-based ransomware, as well as major ransomware issues in and out of Korea in October 2025. The following is a summary of the report. The statistics on the number of ransomware samples and affected systems use
Ransom & Dark Web Issues Week 5, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 5, October 2025 A South Korean food manufacturing and processing company has been listed as a new victim by the ransomware group RansomHouse. The Data Extortion group Coinbase Cartel claims to have leaked the entire source
Analysis of Qilin Ransomware Using Selective Encryption Algorithm (Distributed Targeting Linux, ELF Type)
There has recently been a surge in the tendency for attacks targeting Korean asset and investment management companies. As described in this report, the ransomware encrypts files with an AES symmetric key and then encrypts that AES symmetric key with an RSA public key. This means that the possibility of
September 2025 Threat Trend Report on Ransomware
This report provides information on the number of systems affected during the month of September 2025, statistics related to the DLS-based ransomware, and key ransomware issues from around the world. Below is a summary of the report. The statistics on the number of ransomware samples and affected systems are
Ransom & Dark Web Issues Week 3, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, October 2025 New ransomware groups Kyber, Nasir Security, Kryptos, Tengu, and VFVCT (V For Vendetta Cyber Team) have emerged. Data from a South Korean website-building platform is being sold on the cybercrime forum DarkForums.
Ransom & Dark Web Issues Week 1, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, October 2025 Ransomware group Qilin listed nine South Korean asset management firms as new victims within a week. Ransomware group Qilin listed a South Korean engineering services company as a new victim. Ransomware group Gunra
Analysis on the Qilin Ransomware Using Selective Encryption Algorithm
Recently, Qilin ransomware has been launching continuous attacks on companies in various countries and industries around the world, and cases of damage have also been identified in South Korea. This post analyzes the key features and encryption methods of Qilin ransomware, as well as the technical reasons why decryption is
Ransom & Dark Web Issues Week 3, September 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, September 2025 The emergence of a new ransomware group, BlackShrantac South Korean asset management firms listed as new victims of the Qilin ransomware group A South Korean broadcasting and telecom equipment manufacturer listed as
Kawa4096 Ransomware: Leveraging Brand Mimicry for Psychological Impact
In June 2025, a new ransomware group known as Kawa4096 emerged, targeting multinational organizations across various sectors, including finance, education, and services. Their attacks have affected companies in multiple countries, notably Japan and the United States. Although there is currently no public information confirming whether they operate as a Ransomware-as-a-Service (RaaS) or
