Skip to content
Killsec Ransomware
Under attack by ransomware or suffering a cyber breach?
Speed is critical when facing a live cyber attack. If you believe you’ve been compromised, by the Killsec ransomware group or another threat actor - contact us immediately.
About Killsec ransomware group
Emerging in mid-2023, Killsec has rapidly gained notoriety for its sophisticated attack methods and high-profile targets. Often targeting leading healthcare technology platforms, prominent insurance providers based in various regions, and state-owned commercial banks offering critical banking services. Killsec’s attacks have been meticulously planned and devastating in execution.
An infection with Killsec, like any ransomware group, results in your systems being locked and your data encrypted. Victims are then presented with a ransom note demanding payment, typically in cryptocurrency, in exchange for access and to prevent stolen data from being leaked online.
This is part of a growing trend of ransomware as a service, where tools used by Killsec may be sold or leased to affiliates. It’s not uncommon for such attacks to also compromise digital platforms specialising in document workflows or online banking, amplifying the scale of impact.
What we can help with:
- Encrypted files & ransomware data recovery
- Incident response and containment
- Secure data restoration and system recovery
- Use of ransomware decryption tools and data recovery software
- Development of incident response plans and disaster recovery solutions
- Post-incident reviews and security hardening
Request a call back
If your organisation has been infected with ransomware contact us immediately.
How Killsec operators work
Killsec is notorious for attacking India’s leading healthcare institutions, where it exfiltrates sensitive patient records and demands massive ransom payments. The ransomware group has also disrupted virtual pet care services, wellness technology companies focused on health and wellness, and food delivery apps, exploiting vulnerabilities in digital platforms and consumer electronics infrastructures. These attacks are often timed to coincide with high-traffic events such as wedding company launches or day event insurance activations, maximising leverage over victims.
Their choice of targets highlights a focus on critical systems that support everyday life. From law enforcement agencies to investment companies promising secure and profitable investments, Killsec demonstrates strategic intent in undermining trust in digital ecosystems. Several victims have been identified in the romanian taxi market, bangladeshi payment systems, and even belgian cooperative insurance groups, demonstrating Killsec’s international reach and ambition to destabilise both traditional and digital economies.
Moreover, reports have confirmed Killsec has attempted to infiltrate tech-enabled logistics companies, online shopping platforms offering accessories online, and leading digital automotive platforms by compromising electronic invoice systems and exploiting software vulnerabilities in dedicated platforms used to efficiently manage document workflows.
We are equipped to deal with an attack from any ransomware group.
Don’t hesitate to contact us if you are under attack from a ransomware group not listed above.
Recognising a Killsec attack
Victims are then threatened with the public release of sensitive data unless they meet the ransom demands, typically in cryptocurrency. In some high-profile attacks, Killsec has used additional coercion tactics such as distributed denial-of-service (DDoS) attacks and website defacement, a method that particularly impacts online banking services and e-commerce platforms that rely on uptime and user trust.
One unique tactic observed in 2024 involved targeting companies that publish personalised calendars or send multi-recipient signatures, exploiting shared cloud-based platforms to move laterally through networks. They’ve also attacked systems offering tailored dietary plans, and platforms used by healthcare practitioners and employers rely on for medical control and wellness tracking.
Killsec also shows a pattern of hitting companies after launching or announcing an innovative digital project launched, as seen in attacks on pioneering service providers specializing in digital solutions or those introducing a fully cashless OPD solution. These moments of innovation present ideal opportunities for exploitation, as IT teams are often stretched thin or focused on go-live efforts.
Why you must not interfere with your ransomware environment
If you discover a physical break-in at your offices, your first instinct would be to call the police; touch nothing and let them search for clues. Then, your focus would shift to restoring business operations.
A cyber-attack requires the same approach. Your digital environment is a CRIME SCENE. It is crucial to leave the environment untouched to allow for a forensic investigation.
This is not a task for your IT team or MSP. Digital Forensic specialists are available 24/7 to assist you, just like in a physical crime.
| description | Sector | Date Discovered | Attack Date | Country | Screenshot |
|---|---|---|---|---|---|
| Business Services | 14/05/2026 02:53 AM | 14/05/2026 02:53 AM | US | ||
| Business Services | 09/05/2026 08:48 AM | 09/05/2026 08:48 AM | NG | ||
| Financial Services | 01/05/2026 12:54 PM | 01/05/2026 12:54 PM | JP | ||
| Healthcare | 17/03/2026 10:45 PM | 17/03/2026 10:44 PM | BR | ||
| Manufacturing | 17/03/2026 10:44 PM | 17/03/2026 10:44 PM | IL | ||
| Healthcare | 14/03/2026 06:39 AM | 14/03/2026 06:39 AM | |||
| Financial Services | 14/03/2026 06:39 AM | 14/03/2026 06:39 AM | |||
| Not Found | 11/03/2026 06:05 AM | 11/03/2026 06:05 AM | IL | ||
| Not Found | 06/03/2026 03:10 AM | 06/03/2026 03:10 AM | KR | ||
| Healthcare | 06/03/2026 03:10 AM | 06/03/2026 03:10 AM | US | ||
| Transportation/Logistics | 06/03/2026 03:09 AM | 06/03/2026 03:09 AM | US | ||
| Education | 25/02/2026 12:13 AM | 25/02/2026 12:13 AM | RO | ||
| Consumer Services | 21/02/2026 07:12 AM | 21/02/2026 07:12 AM | US | ||
| Technology | 17/02/2026 02:20 AM | 17/02/2026 02:20 AM | ES | ||
| Not Found | 09/02/2026 01:29 AM | 09/02/2026 01:29 AM | NG | ||
| Consumer Services | 04/02/2026 11:10 PM | 04/02/2026 11:10 PM | US | ||
| Technology | 23/01/2026 10:26 PM | 23/01/2026 10:26 PM | US | ||
| Public Sector | 10/01/2026 04:04 AM | 10/01/2026 04:04 AM | US | ||
| Education | 24/12/2025 11:55 PM | 24/12/2025 11:55 PM | US | ||
| Public Sector | 15/12/2025 03:19 AM | 15/12/2025 03:19 AM | BR | ||
| Financial Services | 14/12/2025 01:53 AM | 14/12/2025 01:52 AM | GB | ||
| Technology | 09/12/2025 12:24 AM | 09/12/2025 12:24 AM | IN | ||
| Business Services | 09/12/2025 12:24 AM | 09/12/2025 12:24 AM | IN | ||
| Not Found | 09/12/2025 12:24 AM | 09/12/2025 12:24 AM | IN | ||
| Not Found | 09/12/2025 12:24 AM | 09/12/2025 12:24 AM | GB | ||
| Transportation/Logistics | 09/12/2025 12:23 AM | 09/12/2025 12:23 AM | IN | ||
| Public Sector | 27/11/2025 04:22 AM | 27/11/2025 04:22 AM | CO | ||
| Financial Services | 15/11/2025 12:02 PM | 15/11/2025 12:02 PM | US | ||
| Education | 23/10/2025 04:19 PM | 23/10/2025 04:19 PM | RO | ||
| Agriculture and Food Production | 23/10/2025 04:19 PM | 23/10/2025 04:19 PM | US | ||
| Hospitality and Tourism | 23/10/2025 04:19 PM | 23/10/2025 04:19 PM | US | ||
| Manufacturing | 23/10/2025 04:19 PM | 23/10/2025 04:19 PM | US | ||
| Financial Services | 23/10/2025 04:19 PM | 23/10/2025 04:19 PM | IN | ||
| Technology | 23/10/2025 04:18 PM | 23/10/2025 04:18 PM | CA | ||
| Technology | 23/10/2025 04:18 PM | 23/10/2025 04:18 PM | US | ||
| Business Services | 23/10/2025 04:17 PM | 23/10/2025 04:17 PM | US | ||
| Not Found | 04/10/2025 07:48 PM | 04/10/2025 07:48 PM | |||
| Technology | 28/09/2025 09:21 PM | 28/09/2025 09:21 PM | ID | ||
| Financial Services | 28/09/2025 07:19 PM | 28/09/2025 07:18 PM | VG | ||
| Education | 25/09/2025 02:57 PM | 25/09/2025 02:56 PM | US | ||
| Technology | 22/09/2025 09:26 AM | 22/09/2025 09:25 AM | CA | ||
| Not Found | 22/09/2025 09:25 AM | 22/09/2025 09:24 AM | GB | ||
| Not Found | 22/09/2025 09:24 AM | 22/09/2025 09:24 AM | US | ||
| Not Found | 22/09/2025 09:23 AM | 22/09/2025 09:23 AM | PL | ||
| Financial Services | 22/09/2025 09:23 AM | 22/09/2025 09:22 AM | AE | ||
| Not Found | 22/09/2025 09:22 AM | 22/09/2025 09:22 AM | GR | ||
| Not Found | 22/09/2025 09:21 AM | 22/09/2025 09:21 AM | |||
| Not Found | 22/09/2025 09:20 AM | 22/09/2025 09:20 AM | US | ||
| Not Found | 22/09/2025 09:20 AM | 22/09/2025 09:19 AM | KR | ||
| Consumer Services | 22/09/2025 09:19 AM | 22/09/2025 09:18 AM | FR | ||
| Not Found | 22/09/2025 09:18 AM | 22/09/2025 09:18 AM | BE | ||
| Healthcare | 16/09/2025 07:22 AM | 16/09/2025 07:21 AM | AU | ||
| Not Found | 15/09/2025 09:55 AM | 15/09/2025 09:55 AM | AE | ||
| Hospitality and Tourism | 11/09/2025 11:16 AM | 11/09/2025 11:16 AM | |||
| Financial Services | 10/09/2025 04:51 PM | 10/09/2025 04:50 PM | NG | ||
| Transportation/Logistics | 10/09/2025 04:50 PM | 10/09/2025 04:49 PM | TH | ||
| Education | 10/09/2025 04:49 PM | 10/09/2025 04:48 PM | US | ||
| Not Found | 10/09/2025 03:43 PM | 10/09/2025 03:43 PM | US | ||
| Not Found | 10/09/2025 03:42 PM | 10/09/2025 03:42 PM | |||
| Education | 10/09/2025 02:16 PM | 10/09/2025 02:15 PM | US | ||
| Healthcare | 09/09/2025 06:14 AM | 09/09/2025 06:13 AM | US | ||
| Not Found | 09/09/2025 06:12 AM | 09/09/2025 06:11 AM | AE | ||
| Not Found | 07/09/2025 03:50 PM | 07/09/2025 03:49 PM | |||
| Technology | 07/09/2025 06:13 AM | 07/09/2025 06:13 AM | US | ||
| Healthcare | 07/09/2025 06:13 AM | 07/09/2025 06:12 AM | US | ||
| Healthcare | 06/09/2025 12:46 PM | 06/09/2025 12:46 PM | PE | ||
| Technology | 06/09/2025 11:54 AM | 06/09/2025 11:52 AM | IN | ||
| Healthcare | 06/09/2025 11:51 AM | 06/09/2025 11:51 AM | CO | ||
| Healthcare | 06/09/2025 09:46 AM | 06/09/2025 09:46 AM | BR | ||
| Technology | 20/08/2025 12:37 PM | 20/08/2025 12:37 PM | US | ||
| Healthcare | 19/08/2025 09:49 AM | 19/08/2025 09:49 AM | MX | ||
| Transportation/Logistics | 14/06/2025 01:21 AM | 14/06/2025 01:20 AM | IN | ||
| Education | 14/06/2025 01:19 AM | 14/06/2025 01:18 AM | IN | ||
| Manufacturing | 26/05/2025 12:51 AM | 26/05/2025 12:49 AM | US | ||
| Not Found | 26/05/2025 12:49 AM | 26/05/2025 12:48 AM | IT | ||
| Construction | 25/05/2025 11:19 PM | 25/05/2025 11:18 PM | US | ||
| Healthcare | 20/05/2025 12:59 AM | 20/05/2025 12:58 AM | BW | ||
| Technology | 05/05/2025 11:05 PM | 05/05/2025 11:04 PM | IN | ||
| Technology | 17/04/2025 02:18 PM | 17/04/2025 02:16 PM | CN | ||
| Construction | 02/04/2025 07:58 AM | 02/04/2025 07:57 AM | CH | ||
| Public Sector | 02/04/2025 07:57 AM | 02/04/2025 07:56 AM | SA | ||
| Construction | 02/04/2025 07:55 AM | 02/04/2025 07:54 AM | GB | ||
| Business Services | 02/04/2025 06:28 AM | 02/04/2025 06:27 AM | US | ||
| Healthcare | 02/04/2025 06:27 AM | 02/04/2025 06:25 AM | US | ||
| Consumer Services | 01/04/2025 08:10 AM | 01/04/2025 08:08 AM | DE | ||
| Technology | 01/04/2025 08:08 AM | 01/04/2025 08:07 AM | US | ||
| Technology | 01/04/2025 08:06 AM | 01/04/2025 08:05 AM | IE | ||
| Technology | 01/04/2025 06:43 AM | 01/04/2025 06:42 AM | BR | ||
| Manufacturing | 01/04/2025 06:42 AM | 01/04/2025 06:41 AM | |||
| Business Services | 01/04/2025 06:40 AM | 01/04/2025 06:39 AM | US | ||
| Consumer Services | 01/04/2025 06:39 AM | 01/04/2025 06:37 AM | AU | ||
| Financial Services | 01/04/2025 06:37 AM | 01/04/2025 06:36 AM | GB | ||
| Construction | 01/04/2025 06:35 AM | 01/04/2025 06:34 AM | CH | ||
| Manufacturing | 01/04/2025 12:11 AM | 01/04/2025 12:09 AM | US | ||
| Manufacturing | 01/04/2025 12:09 AM | 01/04/2025 12:08 AM | AU | ||
| Energy | 01/04/2025 12:07 AM | 01/04/2025 12:06 AM | US | ||
| Business Services | 01/04/2025 12:06 AM | 01/04/2025 12:05 AM | US | ||
| Consumer Services | 01/04/2025 12:04 AM | 01/04/2025 12:03 AM | |||
| Business Services | 31/03/2025 04:11 PM | 31/03/2025 04:10 PM | US | ||
| Technology | 31/03/2025 04:10 PM | 31/03/2025 04:08 PM | NL | ||
| Not Found | 31/03/2025 04:08 PM | 31/03/2025 04:07 PM | US | ||
| Healthcare | 28/03/2025 07:25 AM | 28/03/2025 07:24 AM | IN | ||
| Financial Services | 23/03/2025 05:00 PM | 23/03/2025 04:59 PM | |||
| Healthcare | 22/03/2025 05:27 PM | 22/03/2025 05:26 PM | IN | ||
| Not Found | 22/03/2025 04:46 PM | 22/03/2025 04:45 PM | |||
| Financial Services | 21/03/2025 03:45 PM | 21/03/2025 03:44 PM | KY | ||
| Healthcare | 21/03/2025 12:02 PM | 21/03/2025 12:01 PM | DE | ||
| Consumer Services | 20/03/2025 03:35 PM | 20/03/2025 03:34 PM | US | ||
| Technology | 20/03/2025 03:33 PM | 20/03/2025 03:32 PM | US | ||
| Healthcare | 20/03/2025 03:32 PM | 20/03/2025 03:30 PM | AR | ||
| Business Services | 18/03/2025 06:59 AM | 18/03/2025 06:58 AM | US | ||
| Financial Services | 11/03/2025 10:03 PM | 11/03/2025 10:02 PM | US | ||
| Technology | 11/03/2025 10:02 PM | 11/03/2025 10:00 PM | |||
| Hospitality and Tourism | 04/03/2025 10:34 AM | 04/03/2025 10:32 AM | AU | ||
| Business Services | 02/03/2025 05:21 PM | 02/03/2025 05:19 PM | NG | ||
| Not Found | 23/02/2025 05:25 PM | 23/02/2025 05:23 PM | EG | ||
| Technology | 23/02/2025 05:23 PM | 23/02/2025 05:21 PM | US | ||
| Education | 23/02/2025 05:21 PM | 23/02/2025 05:20 PM | US | ||
| Business Services | 23/02/2025 05:19 PM | 23/02/2025 05:18 PM | GB | ||
| Healthcare | 20/02/2025 08:59 PM | 20/02/2025 08:58 PM | MX | ||
| Business Services | 19/02/2025 01:28 PM | 19/02/2025 01:27 PM | US | ||
| Business Services | 19/02/2025 01:27 PM | 19/02/2025 01:25 PM | IN | ||
| Financial Services | 19/02/2025 06:03 AM | 19/02/2025 06:02 AM | CA | ||
| Not Found | 19/02/2025 06:02 AM | 19/02/2025 06:00 AM | GB | ||
| Not Found | 19/02/2025 06:00 AM | 26/06/2024 04:53 PM | |||
| Education | 19/02/2025 05:58 AM | 19/02/2025 05:57 AM | US | ||
| Technology | 19/02/2025 05:57 AM | 19/02/2025 05:55 AM | FI | ||
| Healthcare | 12/02/2025 11:53 PM | 12/02/2025 11:52 PM | NZ | ||
| Business Services | 11/02/2025 05:37 AM | 11/02/2025 05:36 AM | IN | ||
| Not Found | 11/02/2025 04:19 AM | 21/02/2024 10:00 AM | MX | ||
| Not Found | 10/02/2025 07:00 PM | 10/02/2025 06:59 PM | |||
| Financial Services | 10/02/2025 03:31 PM | 10/02/2025 03:30 PM | |||
| Education | 10/02/2025 03:30 PM | 10/02/2025 03:28 PM | IN | ||
| Education | 10/02/2025 12:19 PM | 10/02/2025 12:17 PM | AU | ||
| Business Services | 10/02/2025 12:17 PM | 10/02/2025 12:16 PM | US | ||
| Hospitality and Tourism | 03/02/2025 12:50 PM | 03/02/2025 12:50 PM | MO | ||
| Healthcare | 01/02/2025 03:04 PM | 01/02/2025 03:04 PM | IN | ||
| Not Found | 30/01/2025 03:45 AM | 30/01/2025 03:45 AM | |||
| Financial Services | 26/01/2025 02:23 PM | 26/01/2025 02:23 PM | IN | ||
| Technology | 25/01/2025 09:03 PM | 25/01/2025 09:03 PM | FR | ||
| Financial Services | 25/01/2025 07:45 PM | 25/01/2025 07:45 PM | US | ||
| Technology | 24/01/2025 09:58 PM | 24/01/2025 09:58 PM | US | ||
| Financial Services | 21/01/2025 02:53 PM | 21/01/2025 02:53 PM | IN | ||
| Business Services | 21/01/2025 02:50 PM | 21/01/2025 02:50 PM | US | ||
| Healthcare | 16/01/2025 10:05 AM | 16/01/2025 10:05 AM | CL | ||
| Consumer Services | 16/01/2025 10:02 AM | 16/01/2025 10:02 AM | IN | ||
| Manufacturing | 21/12/2024 09:28 PM | 21/12/2024 09:28 PM | DE | ||
| Business Services | 21/12/2024 09:25 PM | 21/12/2024 09:25 PM | CA | ||
| Business Services | 21/12/2024 09:22 PM | 21/12/2024 09:22 PM | US | ||
| Business Services | 21/12/2024 09:19 PM | 21/12/2024 09:19 PM | US | ||
| Business Services | 21/12/2024 09:16 PM | 21/12/2024 09:16 PM | US | ||
| Business Services | 21/12/2024 09:13 PM | 21/12/2024 09:13 PM | US | ||
| Transportation/Logistics | 21/12/2024 09:10 PM | 21/12/2024 09:10 PM | US | ||
| Agriculture and Food Production | 21/12/2024 09:07 PM | 21/12/2024 09:07 PM | US | ||
| Transportation/Logistics | 21/12/2024 09:04 PM | 21/12/2024 09:04 PM | US | ||
| Business Services | 21/12/2024 09:00 PM | 21/12/2024 09:00 PM | US | ||
| Business Services | 21/12/2024 08:57 PM | 21/12/2024 08:57 PM | US | ||
| Transportation/Logistics | 21/12/2024 08:54 PM | 21/12/2024 08:54 PM | US | ||
| Manufacturing | 21/12/2024 08:51 PM | 21/12/2024 08:51 PM | US | ||
| Manufacturing | 21/12/2024 08:48 PM | 21/12/2024 08:48 PM | US | ||
| Manufacturing | 21/12/2024 05:32 PM | 21/12/2024 05:32 PM | US | ||
| Manufacturing | 21/12/2024 05:29 PM | 21/12/2024 05:29 PM | CA | ||
| Manufacturing | 21/12/2024 05:26 PM | 21/12/2024 05:26 PM | US | ||
| Manufacturing | 21/12/2024 05:23 PM | 21/12/2024 05:23 PM | IN | ||
| Agriculture and Food Production | 21/12/2024 05:20 PM | 21/12/2024 05:20 PM | US | ||
| Technology | 20/12/2024 09:18 PM | 20/12/2024 09:18 PM | US | ||
| Energy | 20/12/2024 01:24 PM | 20/12/2024 01:24 PM | ID | ||
| Healthcare | 20/12/2024 11:30 AM | 20/12/2024 11:30 AM | US | ||
| Energy | 20/12/2024 11:27 AM | 20/12/2024 11:27 AM | BW | ||
| Not Found | 18/12/2024 05:13 PM | 18/12/2024 05:13 PM | US | ||
| Transportation/Logistics | 15/12/2024 06:45 PM | 15/12/2024 06:45 PM | TH | ||
| Financial Services | 15/12/2024 06:42 PM | 15/12/2024 06:42 PM | GB | ||
| Manufacturing | 11/12/2024 06:54 PM | 11/12/2024 06:54 PM | MX | ||
| Business Services | 05/12/2024 12:00 PM | 05/12/2024 12:00 PM | US | ||
| Technology | 28/11/2024 08:41 AM | 28/11/2024 08:41 AM | NG | ||
| Technology | 28/11/2024 08:38 AM | 28/11/2024 08:38 AM | AU | ||
| Business Services | 28/11/2024 06:47 AM | 28/11/2024 06:47 AM | US | ||
| Business Services | 28/11/2024 06:44 AM | 28/11/2024 06:44 AM | IN | ||
| Business Services | 28/11/2024 06:40 AM | 28/11/2024 06:40 AM | IN | ||
| Agriculture and Food Production | 26/11/2024 06:12 AM | 26/11/2024 06:12 AM | US | ||
| Technology | 26/11/2024 12:44 AM | 26/11/2024 12:44 AM | US | ||
| Financial Services | 26/11/2024 12:41 AM | 26/11/2024 12:41 AM | US | ||
| Business Services | 26/11/2024 12:37 AM | 26/11/2024 12:37 AM | MY | ||
| Business Services | 25/11/2024 03:48 AM | 25/11/2024 03:48 AM | SA | ||
| Healthcare | 25/11/2024 03:45 AM | 25/11/2024 03:45 AM | AE | ||
| Technology | 25/11/2024 03:42 AM | 25/11/2024 03:42 AM | US | ||
| Healthcare | 25/11/2024 03:39 AM | 25/11/2024 03:38 AM | US | ||
| Business Services | 24/11/2024 04:07 AM | 24/11/2024 04:07 AM | US | ||
| Consumer Services | 24/11/2024 02:39 AM | 24/11/2024 02:39 AM | IN | ||
| Not Found | 24/11/2024 01:09 AM | 24/11/2024 01:09 AM | KE | ||
| Business Services | 23/11/2024 10:11 PM | 23/11/2024 10:11 PM | AU | ||
| Not Found | 22/11/2024 01:10 AM | 22/11/2024 01:10 AM | CH | ||
| Not Found | 21/11/2024 05:46 PM | 21/11/2024 05:46 PM | CO | ||
| Not Found | 20/11/2024 02:28 AM | 20/11/2024 02:28 AM | BR | ||
| Healthcare | 20/11/2024 02:25 AM | 20/11/2024 02:25 AM | CO | ||
| Financial Services | 19/11/2024 03:32 AM | 19/11/2024 03:32 AM | IN | ||
| Energy | 19/11/2024 03:29 AM | 19/11/2024 03:29 AM | US | ||
| Technology | 18/11/2024 12:11 AM | 18/11/2024 12:11 AM | US | ||
| Financial Services | 17/11/2024 02:06 PM | 17/11/2024 02:06 PM | GB | ||
| Financial Services | 17/11/2024 12:06 AM | 17/11/2024 12:06 AM | VN | ||
| Healthcare | 15/11/2024 12:40 AM | 15/11/2024 12:40 AM | IL | ||
| Manufacturing | 13/11/2024 12:39 AM | 13/11/2024 12:39 AM | BR | ||
| Financial Services | 12/11/2024 11:10 PM | 12/11/2024 11:10 PM | US | ||
| Education | 11/11/2024 10:21 PM | 11/11/2024 10:21 PM | RO | ||
| Healthcare | 10/11/2024 01:47 PM | 10/11/2024 01:47 PM | SA | ||
| Healthcare | 04/11/2024 05:21 AM | 04/11/2024 05:21 AM | IN | ||
| Manufacturing | 02/11/2024 12:44 PM | 02/11/2024 12:44 PM | ZA | ||
| Healthcare | 28/10/2024 08:09 PM | 28/10/2024 08:09 PM | IN | ||
| Financial Services | 28/10/2024 07:14 AM | 28/10/2024 07:14 AM | BR | ||
| Not Found | 27/10/2024 01:18 PM | 27/10/2024 01:18 PM | AE | ||
| Education | 27/10/2024 03:50 AM | 27/10/2024 03:50 AM | US | ||
| Consumer Services | 26/10/2024 02:41 PM | 26/10/2024 02:41 PM | IN | ||
| Healthcare | 25/10/2024 04:50 PM | 25/10/2024 04:50 PM | IN | ||
| Technology | 25/10/2024 04:47 PM | 25/10/2024 04:47 PM | SG | ||
| Public Sector | 25/10/2024 04:47 PM | 25/10/2024 04:47 PM | BR | ||
| Business Services | 25/10/2024 04:45 PM | 25/10/2024 04:45 PM | IN | ||
| Business Services | 25/10/2024 04:44 PM | 25/10/2024 04:44 PM | GB | ||
| Business Services | 25/10/2024 04:43 PM | 25/10/2024 04:43 PM | GB | ||
| Transportation/Logistics | 23/10/2024 01:16 AM | 23/10/2024 01:16 AM | IN | ||
| Technology | 22/10/2024 02:11 AM | 22/10/2024 02:11 AM | IN | ||
| Hospitality and Tourism | 22/10/2024 12:42 AM | 22/10/2024 12:42 AM | US | ||
| Consumer Services | 22/10/2024 12:39 AM | 22/10/2024 12:39 AM | IN | ||
| Healthcare | 20/10/2024 12:07 AM | 20/10/2024 12:07 AM | IN | ||
| Healthcare | 19/10/2024 02:41 AM | 19/10/2024 02:41 AM | US | ||
| Hospitality and Tourism | 18/10/2024 12:07 AM | 18/10/2024 12:07 AM | IN | ||
| Healthcare | 17/10/2024 01:37 AM | 17/10/2024 01:37 AM | IN | ||
| Public Sector | 16/10/2024 12:09 AM | 16/10/2024 12:09 AM | LY | ||
| Healthcare | 14/10/2024 10:41 PM | 14/10/2024 10:41 PM | IN | ||
| Technology | 10/10/2024 11:33 PM | 10/10/2024 11:33 PM | IN | ||
| Financial Services | 09/10/2024 09:42 PM | 09/10/2024 09:42 PM | US | ||
| Agriculture and Food Production | 09/10/2024 09:40 PM | 09/10/2024 09:40 PM | TH | ||
| Construction | 09/10/2024 01:09 AM | 09/10/2024 01:09 AM | MX | ||
| Financial Services | 08/10/2024 10:06 PM | 08/10/2024 10:06 PM | CN | ||
| Healthcare | 08/10/2024 06:50 AM | 08/10/2024 06:50 AM | IN | ||
| Technology | 07/10/2024 12:07 AM | 07/10/2024 12:07 AM | DZ | ||
| Business Services | 05/10/2024 11:34 PM | 05/10/2024 11:34 PM | KR | ||
| Technology | 05/10/2024 12:11 PM | 05/10/2024 12:11 PM | IN | ||
| Education | 04/10/2024 01:49 AM | 04/10/2024 01:49 AM | BD | ||
| Healthcare | 01/10/2024 01:41 AM | 01/10/2024 01:41 AM | IN | ||
| Healthcare | 01/10/2024 12:07 AM | 01/10/2024 12:07 AM | IN | ||
| Public Sector | 30/09/2024 05:34 PM | 30/09/2024 05:34 PM | TH | ||
| Transportation/Logistics | 30/09/2024 12:04 AM | 30/09/2024 12:04 AM | IN | ||
| Business Services | 29/09/2024 10:14 PM | 29/09/2024 10:14 PM | IN | ||
| Public Sector | 29/09/2024 01:46 AM | 29/09/2024 01:46 AM | BR | ||
| Healthcare | 23/09/2024 04:04 PM | 23/09/2024 04:04 PM | BE | ||
| Public Sector | 17/09/2024 09:40 PM | 17/09/2024 09:39 PM | CN | ||
| Technology | 16/09/2024 03:37 PM | 16/09/2024 03:37 PM | US | ||
| Financial Services | 10/09/2024 08:04 PM | 10/09/2024 08:04 PM | IN | ||
| Financial Services | 09/09/2024 08:37 PM | 09/09/2024 08:37 PM | BE | ||
| Technology | 09/09/2024 08:34 PM | 09/09/2024 08:34 PM | BE | ||
| Business Services | 05/09/2024 11:18 PM | 05/09/2024 11:18 PM | BE | ||
| Financial Services | 05/09/2024 11:15 PM | 05/09/2024 11:15 PM | BE | ||
| Financial Services | 05/09/2024 11:12 PM | 05/09/2024 11:12 PM | BE | ||
| Business Services | 28/08/2024 09:20 PM | 28/08/2024 09:20 PM | US | ||
| Healthcare | 28/08/2024 06:35 PM | 28/08/2024 06:35 PM | VN | ||
| Agriculture and Food Production | 28/08/2024 06:31 PM | 28/08/2024 06:31 PM | BE | ||
| Business Services | 28/08/2024 12:46 PM | 28/08/2024 12:46 PM | US | ||
| Business Services | 26/08/2024 03:19 AM | 26/08/2024 03:19 AM | ZA | ||
| Technology | 26/08/2024 01:15 AM | 26/08/2024 01:15 AM | US | ||
| Transportation/Logistics | 23/08/2024 07:59 PM | 23/08/2024 07:59 PM | BR | ||
| Technology | 22/08/2024 09:49 PM | 22/08/2024 09:49 PM | US | ||
| Transportation/Logistics | 22/08/2024 08:14 PM | 22/08/2024 08:14 PM | CO | ||
| Technology | 22/08/2024 03:14 PM | 22/08/2024 03:14 PM | RU | ||
| Technology | 21/08/2024 12:13 AM | 21/08/2024 12:13 AM | IN | ||
| Transportation/Logistics | 14/08/2024 04:06 PM | 14/08/2024 04:06 PM | RO | ||
| Technology | 08/08/2024 10:01 PM | 08/08/2024 10:01 PM | TH | ||
| Healthcare | 07/08/2024 08:23 AM | 07/08/2024 08:23 AM | |||
| Business Services | 04/08/2024 07:19 PM | 04/08/2024 07:19 PM | PL | ||
| Business Services | 31/07/2024 06:10 PM | 31/07/2024 06:10 PM | IN | ||
| Technology | 30/07/2024 09:39 PM | 30/07/2024 09:39 PM | RO | ||
| Transportation/Logistics | 01/07/2024 09:11 AM | 01/07/2024 09:11 AM | TN | ||
| Financial Services | 17/05/2024 02:36 AM | 17/05/2024 02:36 AM | BD | ||
| Financial Services | 17/05/2024 02:35 AM | 17/05/2024 02:35 AM | NP | ||
| Public Sector | 03/04/2024 12:01 AM | 03/04/2024 12:01 AM | IN | ||
| Public Sector | 21/03/2024 06:31 PM | 21/03/2024 06:31 PM | RO | ||
| Business Services | 21/03/2024 06:31 PM | 21/03/2024 06:31 PM | BD | ||
| Financial Services | 21/03/2024 06:30 PM | 21/03/2024 06:30 PM | IN | ||
| Business Services | 21/03/2024 06:30 PM | 21/03/2024 06:30 PM | US | ||
| Public Sector | 21/03/2024 06:29 PM | 21/03/2024 06:29 PM | IN |
Known threat actors
Ransomware groups behind the attacks
Below is a breakdown of the most active ransomware groups and the variants driving their attacks.
Post breach actions
-
Call a NCSC Cyber Incident Response approved supplier Some NCSC providers will fund up to 48 hours of investigation into your incident.
-
Report the incident to Report Fraud
-
Locate your business continuity plan Work out what you can do without access to your systems and data.
-
Identify your business insurance contact details
Who are we and what experience do we have in responding to cyber incidents?
We are accredited to ISO 27001 and recognised by the UK’s National Cyber Security Centre (NCSC).
We provide comprehensive cyber risk management services, with a core focus on Digital Forensics and Incident Response (DFIR). Our capabilities are driven by a 24/7 Security Operations Centre and a dedicated in-house intelligence team that delivers timely, actionable threat reporting.
With decades of collective cyber security experience, we have the expertise to assume operational ownership of your entire IT security architecture – simplifying and strengthening cyber security across your business.
As an Assured Service Provider for Cyber Incident Response (CIR) at the Standard Level. This accreditation demonstrates our ability to deliver high-assurance, effective support in response to a wide range of cyber threats.
Your NCSC-approved supplier is a specialist crime scene investigator who will:
- Isolate and preserve your environment for forensic investigation.
- Identify where the data has been duplicated and issue a legal takedown order.
- Identify your data, application and systems restore points. These might be at different points in time and will need to be carefully restored and reconstructed in a pristine environment.
- Liaise with your business insurance company and if needed, with the Police.
- Advise you on notifying your customers of your situation.
- Rebuild your systems, restore your data and get you back to full operation. Note: This process can take between 2 weeks – 2 months.
Working with us
Our response process
Our team are ransomware recovery specialists with a proven, streamlined approach to resolving incidents quickly and effectively.
Step 1: Triage
We deploy our incident response team the same day. From the first call, we begin onboarding, introduce key stakeholders, set communication schedules, and start gathering critical information to guide the response.
Step 2: Investigation
DFIR (Digital Forensic Incident Response) teams investigate breaches to identify vulnerabilities, attack vectors, and system impacts from ransomware such as Data Loss (PII). We deliver clear forensic insights to guide mitigation.
Step 3: Contain
Our onsite and remote teams act fast to stop the attack in its tracks. That includes isolating affected systems, removing malicious code, and putting protections in place to prevent further spread or damage.
Step 4: Remediate & Eradicate
Once contained, we work to fully eliminate the threat. This includes fixing exploited vulnerabilities, restoring systems to a secure state, and ensuring no traces of the attack remain.
Step 5: Recover
Our incident response teams help get your business back to normal. We restore access to systems, recover data, and ensure services are safe, stable, and functioning, with minimal downtime.
Step 6: Post Incident
We conduct a full review of the incident response and recovery efforts. Together we assess what happened, what worked, and what can be improved, helping you build stronger defences for the future.
Forensic analysis to drive recovery
Our process includes a thorough digital forensic analysis from step two where the output becomes a central component of business recovery. This is because understanding the attack is of critical importance:
Informing an initial infection date
The extent and spread of infection
Data exfiltration having an impact on regulatory positions
Ensuring that the attacker and any tooling or artefacts they leave behind are eradicated
It is critical that the analysis of digital evidence is carried out to an agreed plan.
Maximising early root cause discovery and legal leverage
The process is purpose-built to uncover the root cause as early as possible, which is essential to inform remediation / eradication and recovery as well as supporting a legal take-down case if this is applicable. A legal take-down means we can assist in the legal enforcement that stops the criminals from publishing the data, thus undermining the ransom notice.
Our Digital Forensic and Incident Response (DFIR) teams maintain consistent communication throughout. Dedicated Incident Managers and technical engineering leads provide updates during the Cyber Incident Response journey, utilising risk registers and working within change management processes, all from triage through to post-incident, delivering successful business recovery.
Key take aways
- You will not be able to access your systems or data.
- It is advised to disconnect from the internet and shut down your systems, including PCs, to prevent further infections.
- Your Office 365 system might also be compromised, allowing the attackers to monitor your responses. Avoid communicating with individuals through your primary email or team systems.
- Threat actors typically infiltrate your system at least 2-4 weeks before you become aware of the attack. Your data will have already been exfiltrated. If your system is encrypted, this was not an overnight event.
- Ransom demands in the UK typically range from £500,000 to £3 million, with some sectors, like education, facing demands that exceed £5 million
- Paying the ransom may violate financial sanctions, which is a criminal offence and could result in a custodial sentence or further financial penalties.
- If your data is sold or published online, it puts your customers and staff at risk, potentially implicating you in a Data Protection breach.
- You will need to submit a data takedown request to the initial location where the data was transferred.
- Do not overwrite the encrypted data. It is crucial to determine when the infection began and where the data was sent.
- Avoid rebuilding from the latest backup, as it is likely to be infected.
Why should I trust Zensec to do this work rather than my IT team?
A forensic analysis needs to be meticulous and a clean restore and recovery requires a wealth of experience not normally available in an in-house team who must provide a broader range of IT support skills:
Internal IT teams don’t have the necessary skill set to resolve security encryption issues themselves.
IT teams may recover to the same position with indicators of compromise ready to do it again… which can lead to another breach.
Internal teams are pressured to restore business operations and may recover before forensic analysis even begins, potentially destroying the crime scene before completion.
We can help
Frequently asked questions
Key information when you’re under pressure.
Yes, Killsec is a ransomware group that encrypts files and demands a ransom payment in cryptocurrency. It also employs double extortion tactics, threatening to leak stolen data if victims refuse to pay.
Cybersecurity reports have noted that Killsec attacks often coincide with targeted attempts to exfiltrate all the data from platforms that employ tools aimed at operational efficiency, such as ergonomic office furniture companies and revolutionary solutions providers in the agribusiness sector.
Yes. In June 2024, it launched its RaaS platform, offering affiliates access to a suite of malware tools via a Tor-based control panel. For a $250 fee, affiliates receive a ransomware builder, support chat, payment dashboards, and automated locker payloads written in C++. The service also includes analytics and plans to expand with tools for DDoS attacks and data theft, capabilities typical of modern RaaS platforms.
The Killsec ransomware entered your system by one of several ways:
Phishing Emails
RDP Vulnerabilities
Software Exploits
We recommend you adopt policies to:
Educate your staff on the importance of cyber security
Use strong passwords
Multi-factor authentication
Remove old users
Perform regular backups
Deploy timely updates to software and systems
After recovering from a Killsec ransom attack, Zensec recommends that you update your business continuity plan to account for lessons learnt during this attack & recovery.
The NCSC is the UK National Cyber Security Centre. They provide cyber security guidance and support, helping to make the UK the safest place to live and work online. They have defined a Cyber Incident Response procedure and they have approved and accredited suppliers to provide this service.
As a recognised Assured Service Provider by the National Cyber Security Centre (NCSC), Zensec provide comprehensive cyber risk management services that are designed to Protect, Detect & Mitigate cyber security threats across the UK.
Report Fraud is the UK's national reporting centre for fraud and cybercrime. Whether you have been scammed, defrauded, or experienced cybercrime in England, Wales, or Northern Ireland, Report Fraud offers a central point of contact for information on fraud and financially motivated cybercrime.
https://www.reportfraud.police.uk/https://www.actionfraud.police.uk/
Most ransomware breaches cost approximately £500K, while smaller email data breaches typically cost around £50K. There is a critical balance between preserving the environment for forensic analysis and quickly recovering it to minimise business interruption. The costs increase the longer it takes to identify and resolve the breach.
A cyber security insurance claim is complex, covering reasonable expenses for investigating and remediating an incident, along with legal fees, business interruption, criminal liability, employment liability, and ransom payments. Although the insurance industry is responsible for facilitating business recovery, cyber insurance is viewed as volatile, and many policies are not being validated correctly.
Finding your way through demands expertise, and that's where Zensec can offer assistance.
Yes. There's a possibility that some of the lost data falls under the category of "Personal Data" belonging to your customers. It's your legal responsibility to safeguard this data, even if it has been lost. Additionally, you may need to notify the Information Commissioner's Office at https://ico.org.uk/.
Your insurer or legal counsel will provide guidance on the necessary steps and how to move forward in this situation.
Zensec has experience collaborating with insurers and legal professionals and can offer support in managing this relationship during this challenging period.
Dealing with a ransomware attack?
Our ransomware recovery service can help
Our expert team works quickly to contain the breach, recover your data, and restore your systems to full operation. We’ll guide you through every step of the recovery process and help strengthen your defences to prevent future attacks. Regain control with Zensec - trusted support when it matters most.