The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption.
July 30, 2025 By Elizabeth Montalbano
An emerging ransomware cybercriminal group is putting its own twist on file encryption, with a Linux variant of its malware that can run up to 100 encryption threads in parallel and supports partial encryption.
The Gunra ransomware group first came onto the cybercriminal scene in April, with techniques targeting Windows systems that were inspired by the now-defunct Conti group, according to Trend Micro. The group, which published stolen data on a leak site, recently came out with a Linux variant that demonstrates their interest in expanding their enterprise with cross-platform targeting, according to a blog post published today.
The variant also features a new encryption method for the group that gives them even more control over how much of a file gets encrypted, and offers an option to keep RSA-encrypted keys in separate keystore files, Trend Micro threat researchers Jeffrey Francis Bonaobra, Melvin Singwa, and Emmanuel Panopio wrote in the post.
