2025 Ransomware Threat Landscape: Impact on Korean Enterprises
Overview and Background The number of ransomware attacks has been increasing worldwide in recent years, and Korean companies are not exempt from this trend. The situation is particularly acute in Asia, where ransomware attacks have surged since 2023. This growing trend has prompted a need for a systematic analysis
Ransom & Dark Web Issues Week 4, November 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, November 2025 Qilin ransomware group claims attack on a Japanese company providing automotive financial services. Everest ransomware group launches data exfiltration attack against Spain’s largest airline. Access to internal systems of Saudi Arabia’s state-owned airport operator
Ransom & Dark Web Issues Week 3, Novermber 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, Novermber 2025 DireWolf launches ransomware attack against a Pakistani automobile assembly and sales company Massive data leak of major South Korean companies on DarkForums [1], [2], [3], [4] Akira ransomware group threatens data leak
Ransom & Dark Web Issues Week 2, Novermber 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 2, Novermber 2025 CLOP (CL0P), a ransomware group, has listed major global corporations and government agencies as victims. Data from Japan’s largest research institution shared on DarkForums. Emergence of a new ransomware and data exfiltration group
Analysis of Encryption Structure of Yurei Ransomware Go-based Builder
The Yurei ransomware group is a new group that was first publicly identified in early September 2025. This group adopts a typical ransomware operation model that infiltrates corporate networks, encrypts data, deletes backups, and then demands a ransom for the stolen information. While there is no clear evidence of their
An Unerring Spear: Cephalus Ransomware Analysis
Cephalus is a new ransomware group that first appeared in mid-June 2025. The group claims that they are motivated 100% by financial gain. Their main method of breaching organizations is by stealing credentials through Remote Desktop Protocol (RDP) accounts that do not have multi-factor authentication (MFA) enabled. Their operation is
Ransom & Dark Web Issues Week 5, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 5, October 2025 A South Korean food manufacturing and processing company has been listed as a new victim by the ransomware group RansomHouse. The Data Extortion group Coinbase Cartel claims to have leaked the entire source
Analysis of Trigona Threat Actor’s Latest Attack Cases
AhnLab SEcurity intelligence Center (ASEC) has covered the case of Trigona threat actors attacking MS-SQL servers in the past post, “Trigona Ransomware Threat Actor Uses Mimic Ransomware.”[1] In the attack cases, both Trigona and Mimic ransomware were used. However, while the email address used by the threat actor in the
Ransom & Dark Web Issues Week 4, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, October 2025 Black Shrantac Lists a South Korean Cybersecurity Firm as Its Victim Qilin Targets South Korean Financial Intelligence Firm in Ransomware Attack Ransomware Attack Causes System Outage at Major Japanese Online Retailer Online
The Beast Ransomware Hidden in the GUI
The Beast ransomware group is a group that evolved from the Monster ransomware strain. They emerged as a Ransomware-as-a-Service (RaaS) in February 2025, and officially launched their Tor-based data leak site in July. As of August 2025, they have publicly disclosed 16 victim organizations from the United States, Europe, Asia,
