-r” or “ratio” parameter. The “-l” or the “limit” parameter is used to control how much of the file gets encrypted. If no value is provided, the entire file is encrypted,” Trend Micro added.Additionally, the variant offers flexible key-storage options for RSA-encrypted keys. Using the “-s” or ““, store” parameter makes the ransomware save each file’s RSA-encrypted blob in a separate keystore file rather than appending it to the encrypted file. Trend Micro notes Gunra’s shift to Linux environments as part of a broader trend spotted in the ransomware landscape. It said many ransomware groups are “going cross-platform to widen and expand their reach, increasing potential victims,” Trend Micro noted.From mid-2022 to early 2023, several ransomware familiesincluding BlackBasta, Hive, Luna, and Clop, released Linux encryptors designed specifically for VMware ESXi platforms.Targeting multi-OS environments is raising the stakes for enterprises with hybrid infrastructure. Trend Micro recommends tightening asset inventories, hardening configurations, patching systems promptly, and enabling robust endpoint detection across both Windows and Linux systems. The group’s growing impact was underscored by its recent breach of American Hospital Dubai, where Gunra reportedly leaked around 40 TB of sensitive data, marking one of its largest known attacks to date.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4031282/ransomware-upstart-gunra-goes-cross-platform-with-encryption-upgrades.html
