New Gunra Ransomware Targets Windows Systems, Encrypts Files, and Erases Shadow Copies

AhnLab’s Threat Intelligence Platform (TIP) has been instrumental in monitoring ransomware activities across dark web forums and marketplaces.

Through its Live View > Dark Web Watch feature, security teams can track active groups, their collaborations, and emerging attack vectors, allowing organizations to preemptively bolster defenses.

During the first half of 2025, a surge in new Dedicated Leak Sites (DLS) has been observed, with AhnLab identifying several from February to June. Notably, the Gunra ransomware group emerged in April 2025, establishing its DLS and drawing attention due to its sophisticated tactics.

Initial activities were traced back to April 10, 2025, revealing code similarities to the notorious Conti ransomware, a Russia-based operation active since 2020.

Conti’s legacy includes aggressive campaigns that disrupted global entities, but its downfall came in February 2022 when a Ukrainian affiliate leaked internal documents and source code in protest against the group’s pro-Russian stance.

This ...