In June 2025, there was an increase in new ransomware samples compared to May, with data collected from AhnLab detections and ransomware group leak sites. The report includes statistics on ransomware samples, affected systems, and companies impacted by various ransomware groups globally, including Korea. #AhnLab #ATIP #DedicatedLeakSites
Keypoints
- The number of new ransomware samples in June 2025 showed a rising trend compared to May 2025.
- Statistics on ransomware samples and affected systems were based on detection names from AhnLab.
- Data on affected companies was collected from Dedicated Leak Sites (DLS) used by ransomware groups, aggregated in the ATIP infrastructure.
- Some ransomware groups had incomplete or delayed data collection on affected companies.
- Information includes publicly disclosed affected companies listed by various ransomware groups.
- Examples of ransomware sample file hashes (MD5) were provided for reference.
- The report covers both domestic (Korean) and international ransomware issues.
MITRE Techniques
- [T1486] Data Encrypted for Impact – Ransomware activity implies encryption of data to disrupt operations. ‘The report includes statistics on ransomware samples, affected systems, and companies impacted by various ransomware groups globally, including Korea.’
- [T1041] Exfiltration Over C2 – Public data leaks on Dedicated Leak Sites indicate data exfiltration by ransomware groups. ‘Dedicated Leak Sites (DLS) used by ransomware groups’
Indicators of Compromise
- [File Hashes] Examples of ransomware sample MD5 hashes – 081f2eeaefe9b51a6f2d2b59eef01b06, 0c955e9620b7b6147e56096d17161dda, and 3 more hashes
Read more: https://asec.ahnlab.com/en/89032/