Ransom & Dark Web Issues Week 1, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, January 2026 South Korean University Website Data Shared on DarkForums Saudi Arabian Employment Platform Data Sold on BreachForums and DarkForums Recent Security Activity Involving the Ransomware Group Vect
In-Depth Analysis Report on LockBit 5.0: Operation and Countermeasures
Since its first appearance in September 2019, LockBit has been known as one of the most notorious and active Ransomware-as-a-Service (RaaS) groups worldwide. LockBit operates on the RaaS model and is characterized by sophisticated encryption technology and automated propagation capabilities. Initial access is typically gained through vulnerability exploits, brute force
Ransom & Dark Web Issues Week 2, December 2025
ASEC Blog publishes Ransom & Dark Web Issues Weeks 2, December 2025. Source code from a South Korean camping reservation platform sold on DarkForums LockBit 5.0 targets 25 companies worldwide with ransomware attack Agencies from USA and Europe escalate pressure on pro-Russian hacktivists
Threats Behind the Mask of Gentlemen Ransomware
Gentlemen is a new ransomware group first identified around August 2025. The group operates a double extortion model that involves breaching corporate networks, exfiltrating data, encrypting the data, and then using the encrypted data to extort victims. During the breach, the group employs typical tactics seen in advanced ransomware groups,
Ransom & Dark Web Issues Week 1, December 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, December 2025. Source code from a South Korean AI solution company, shared on DarkForums Nova (RALord) targets a South Korean industrial equipment manufacturer with ransomware attack PLAY targets a South Korean auto parts manufacturer with
2025 Ransomware Threat Landscape: Impact on Korean Enterprises
Overview and Background The number of ransomware attacks has been increasing worldwide in recent years, and Korean companies are not exempt from this trend. The situation is particularly acute in Asia, where ransomware attacks have surged since 2023. This growing trend has prompted a need for a systematic analysis
Ransom & Dark Web Issues Week 4, November 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, November 2025 Qilin ransomware group claims attack on a Japanese company providing automotive financial services. Everest ransomware group launches data exfiltration attack against Spain’s largest airline. Access to internal systems of Saudi Arabia’s state-owned airport operator
Ransom & Dark Web Issues Week 3, Novermber 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, Novermber 2025 DireWolf launches ransomware attack against a Pakistani automobile assembly and sales company Massive data leak of major South Korean companies on DarkForums [1], [2], [3], [4] Akira ransomware group threatens data leak
Ransom & Dark Web Issues Week 2, Novermber 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 2, Novermber 2025 CLOP (CL0P), a ransomware group, has listed major global corporations and government agencies as victims. Data from Japan’s largest research institution shared on DarkForums. Emergence of a new ransomware and data exfiltration group
Analysis of Encryption Structure of Yurei Ransomware Go-based Builder
The Yurei ransomware group is a new group that was first publicly identified in early September 2025. This group adopts a typical ransomware operation model that infiltrates corporate networks, encrypts data, deletes backups, and then demands a ransom for the stolen information. While there is no clear evidence of their
