TrendMicro

Gunra Ransomware Group Unveils Efficient Linux Variant

Conclusion and security recommendations

The newly discovered Gunra ransomware Linux variant significantly broadens the ransomware group’s attack range and signals a clear intent to adapt and expand beyond its original scope. This move into Linux environments is among the latest examples of a trend in the ransomware landscape: going cross-platform to widen reach and increase the number of potential victims.

The Linux variant has several notable features: it runs up to 100 encryption threads in parallel, supports partial encryption, and lets attackers control how much of each file gets encrypted, which makes encryption faster and more flexible. Unlike the Windows version, it skips dropping a ransom note altogether and instead focuses purely on quick and configurable file encryption, including the option to keep RSA-encrypted keys in separate keystore files.

To protect systems against Gunra ransomware and similar ransomware threats, organizations should implement a comprehensive security strategy that systematically allocates resources to establish strong defenses. The following best practices can help mitigate ransomware risks:

  • Audit and inventory assets, data, devices, and event and incident logs.
  • Manage hardware and software configurations, and monitor network ports, protocols, and services.
  • Activate security configurations on network infrastructure devices such as firewalls and routers.
  • Conduct regular vulnerability assessments, update software and applications to the latest versions, and perform patching or virtual patching for operating systems and applications.
  • Regularly train and assess employees on security skills.
  • Conduct red-team exercises and penetration tests.
  • Use advanced detection technologies such as those powered by AI and machine learning.

Proactive security with Trend Vision One™

Trend Vision One™ is the only AI-powered enterprise cybersecurity platform that centralizes cyber risk exposure management, security operations, and robust layered protection. This holistic approach helps enterprises predict and prevent threats, accelerating proactive security outcomes across their respective digital estates. With Trend Vision One, you can eliminate security blind spots, focus on what matters most, and elevate security into a strategic partner for innovation, especially when facing novel ransomware variants such as the one discussed in this blog.

Trend Vision One™ Threat Intelligence

To stay ahead of evolving threats, Trend customers can access Trend Vision One™ Threat Insights, which provides the latest insights from Trend™ Research on emerging threats and threat actors.

Trend Vision One Threat Insights

Emerging Threats: Gunra Ransomware Goes Cross-Platform: From Windows to Linux

Trend Vision One Intelligence Reports (IOC Sweeping) 

Gunra Ransomware Goes Cross-Platform: From Windows to Linux

Hunting Queries 

Trend Vision One Search App 

Trend Vision One customers can use the Search App to match or hunt the malicious indicators mentioned in this blog post with data in their environment.    

Gunra Ransomware Encrypted Files:

eventSubId:106 AND objectFilePath:/\.ENCRT$/

More hunting queries are available for Trend Vision One customers with Threat Insights entitlement enabled. 
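For hosts without that telemetry, the same `.ENCRT` filename pattern can be checked directly on disk, which matters because the Linux variant leaves no ransom note to find. The sweep below is an added example, not Trend Micro's code; the function names and the burst thresholds (3 files within 60 seconds per directory) are assumptions chosen for illustration.

```python
import os
import re
import sys
import time
from collections import defaultdict

# Same case-sensitive suffix pattern as the hunting query above.
ENCRT_RE = re.compile(r"\.ENCRT$")

def sweep(root):
    """Walk root and return {directory: [(mtime, path), ...]} for *.ENCRT files."""
    hits = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            if not ENCRT_RE.search(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits[dirpath].append((mtime, path))
    return hits

def summarize(hits, burst_window=60.0, burst_min=3):
    """Per directory: hit count, first/last modification time, and a burst flag.

    burst is True when at least burst_min files were last modified within
    burst_window seconds of each other (assumed thresholds, tune per site).
    """
    report = []
    for directory, entries in sorted(hits.items()):
        times = sorted(t for t, _ in entries)
        burst = any(
            times[i + burst_min - 1] - times[i] <= burst_window
            for i in range(len(times) - burst_min + 1)
        )
        report.append({"dir": directory, "count": len(times),
                       "first": times[0], "last": times[-1], "burst": burst})
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for row in summarize(sweep(root)):
        first = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(row["first"]))
        flag = "BURST" if row["burst"] else "-"
        print(f'{row["count"]:6d}  {first}  {flag:5s}  {row["dir"]}')
```

The earliest modification time per directory gives a starting point for scoping the incident timeline against other logs.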

Indicators of Compromise (IoC)  

Download the list of IoCs here.
