Gunra Ransomware Targets Windows and Linux with Dual Encryption

The cybersecurity landscape continues to face persistent threats from emerging ransomware groups, with Gunra representing a significant concern since its emergence in April 2025.

This threat actor has launched systematic attacks across multiple industries and geographic regions, including documented incidents in Korea.

What makes Gunra particularly noteworthy is its dual-platform capability—the group distributes separate malware variants targeting both Windows and Linux systems, each employing distinct encryption methodologies.

Understanding these technical differences is critical for organizations developing effective incident response and threat mitigation strategies.

Gunra’s operational approach reflects a sophisticated understanding of enterprise infrastructure.

The ransomware exists in two distinct formats: an executable (EXE) file for Windows environments and an ELF (Executable and Linkable Format) binary for Linux systems.

This dual-variant strategy enables the threat group to maximize damage across heterogeneous computing environments—a common pattern among advanced ransomware operations targeting enterprises with mixed infrastructure.

The ...