Gunra ransomware has emerged as a significant threat and has been evolving since April 2025. It operates on both Windows and Linux and follows a systematic attack strategy that has already affected numerous organizations across various sectors, particularly in the Asia-Pacific region.
Gunra encrypts critical files and exfiltrates sensitive information from compromised organizations, then issues ransom demands accompanied by threats of public data disclosure. A distinctive aspect of the operation is that the malware is built separately for each platform: the Windows variant is delivered as executable files, whereas the Linux variant is an ELF binary. ASEC researchers have also uncovered a critical vulnerability in the ELF version: its use of ChaCha20 encryption is weakened by a flawed random number generation process, which could potentially allow the encryption to be defeated through brute-force attacks.
In contrast, the Windows version employs ChaCha8 encryption with a secure key generation API, so the two platforms differ significantly in how well the encryption holds up. The gap shows why each ransomware implementation needs to be analyzed for its own specific weaknesses.
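The contrast between the flawed random number generation in the ELF version and the secure key generation on Windows can be illustrated with an added example (not code from the page, ASEC, or the malware). The page does not say how the generator is flawed, so this sketch assumes a key and nonce derived from a PRNG seeded with a guessable Unix timestamp; all function names, the seed value and the sample header are constructed for illustration.

```python
import random, secrets, struct

M = 0xFFFFFFFF

def _rotl(v, n):
    return ((v << n) & M) | (v >> (32 - n))

def _qr(s, a, b, c, d):  # ChaCha quarter round
    s[a] = (s[a] + s[b]) & M; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & M; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & M; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & M; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte ChaCha20 keystream block (RFC 8439 state layout)."""
    init = list(struct.unpack(
        "<16I", b"expand 32-byte k" + key + struct.pack("<I", counter) + nonce))
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        _qr(s, 0, 4, 8, 12); _qr(s, 1, 5, 9, 13); _qr(s, 2, 6, 10, 14); _qr(s, 3, 7, 11, 15)
        _qr(s, 0, 5, 10, 15); _qr(s, 1, 6, 11, 12); _qr(s, 2, 7, 8, 13); _qr(s, 3, 4, 9, 14)
    return struct.pack("<16I", *((x + y) & M for x, y in zip(s, init)))

def weak_key_nonce(seed):
    """Assumed flaw: key and nonce come from a PRNG seeded with a guessable integer."""
    rng = random.Random(seed)
    return (bytes(rng.getrandbits(8) for _ in range(32)),
            bytes(rng.getrandbits(8) for _ in range(12)))

def strong_key_nonce():
    """OS CSPRNG: no seed to enumerate, so the search space is the full 256-bit key."""
    return secrets.token_bytes(32), secrets.token_bytes(12)

def xor_head(key, nonce, data):
    """XOR up to 64 bytes with keystream block 0 (encrypts or decrypts a file header)."""
    return bytes(a ^ b for a, b in zip(data, chacha20_block(key, 0, nonce)))

def recover_seed(ct_head, magic, window):
    """Try each candidate seed; a hit decrypts the header to the known magic bytes."""
    for seed in window:
        key, nonce = weak_key_nonce(seed)
        if xor_head(key, nonce, ct_head[:len(magic)]) == magic:
            return seed
    return None

def demo():
    magic = b"%PDF-1.7"                         # constructed known file header
    key, nonce = weak_key_nonce(1_750_001_234)  # constructed "infection time" seed
    ct = xor_head(key, nonce, magic + b"\n% constructed sample")
    # One hour of candidate timestamps: 3,600 guesses instead of 2**256 keys.
    return recover_seed(ct, magic, range(1_750_000_000, 1_750_003_600))

if __name__ == "__main__":
    print(demo())
```

With a seeded generator the effective keyspace is the number of plausible seeds, which is why incident responders record infection timestamps and preserve encrypted samples with known headers.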
👉 Read the original: Cyber Security News