GUNRA RANSOMWARE: What You Don’t Know!
ID: b2a90f18-bf7a-54ec-9ea0-2092c8447401
STIX ID: report--b2a90f18-bf7a-54ec-9ea0-2092c8447401
Feed Name: THE RAVEN FILE
Gunra Ransomware is a double-extortion ransomware group active since April 2025 that primarily targets non-US organizations across multiple industries and countries. The report details the group's evolving data leak sites (TOR and clearnet), WhatsApp-themed negotiation portals, sample analyses (Windows EXE and ELF Linux builds), use of DoNoT loader routines, and associated tooling (e.g., Lumma stealer). The research includes victimology (18 victims noted), ransom negotiations and payment behavior, technical artifacts (encryption via Salsa20/ChaCha20, shadow-copy deletion patterns, mutexes), comprehensive IOCs (TOR domains, MD5 hashes, IP addresses, emails, URLs), and mapped MITRE ATT&CK techniques to support detection and response.
