Warning About NightSpire Ransomware Following Cases of Damage in South Korea
NightSpire operates a DLS (Dedicated Leak Site) and posts a countdown timer for the public release of information and data about victims. The group is known for using highly threatening language for their cyber extortion. This post describes the analysis and characteristics of NightSpire ransomware. 1. Overview 1.1. NightSpire
Interlock Ransomware’s Targeted Attacks on Companies
Summary About Interlock – Appeared at the end of September 2024 – Ransomware attacks targeting companies in various countries and industries worldwide – Recently, there have also been ransomware attacks in various industries such as healthcare, education, and public institutions (e.g., DaVita, Andretti Indoor Karting & Games) – Uses unclear
Underground Ransomware Targeting Korean Companies
The Underground ransomware gang is launching continuous ransomware attacks against companies in various countries and industries, including South Korea. This post describes the analysis and characteristics of the Underground ransomware. 1. Overview 1.1 Team Underground The ransomware strain operated by the group known as Underground was first identified in
Ransom & Dark Web Issues Week 3, August 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, August 2025 WARLOCK launched a ransomware attack targeting a telecommunications provider in France. The pro-Israeli hacktivist group “313 Team” claims to have conducted DDoS attacks against nine institutions in Saudi Arabia. Qilin carried out
Gunra Ransomware Emerges with New DLS
AhnLab TIP monitors the current ransomware group activities across dark web forums, marketplaces, and other sources. Through the Live View > Dark Web Watch menu, users can track the most active ransomware groups, uncover their collaborations, and gain insights into planned attacks and techniques—enabling user organizations to anticipate threats, prepare
June 2025 Threat Trend Report on Ransomware
This report provides statistics on the number of new ransomware samples and affected systems, and affected companies that were collected in June 2025, as well as major ransomware issues in and out of Korea. Below is a summary of the information. The statistics on the number of ransomware samples
Ransom & Dark Web Issues Week 2, July 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 2, July 2025 Announcement of the shutdown and rebranding of the ransomware group Hunters International Emergence of multiple new ransomware groups and rebrands, DLS renewal and reactivation Sudden shutdown announcement alongside the ransomware group SatanLock
Ransom & Dark Web Issues Week 1, July 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, July 2025 A new ransomware group named Kawa4096 Tonga’s Ministry of Health hit by INC RANSOM ransomware attack User data from three cryptocurrency exchanges in Austria, globally, and South Korea traded on two cybercrime forums
May 2025 Threat Trend Report on Ransomware
This report provides statistics on the number of new ransomware samples collected, the number of affected systems, and affected companies in May 2025, as well as key ransomware issues in Korea and abroad. The following is a summary of the report. Disclaimer: The number of ransomware samples and damaged
Ransom & Dark Web Issues Week 2, June 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 2, June 2025 1.1 million customer records from a South Korean mobile coupon platform company are being sold on the DarkWeb forums French government agencies have been listed as new victims
