Kawa4096 is a ransomware group that emerged in June 2025, quickly gaining attention for its rapid and widespread activity, targeting multinational organizations primarily for financial gain. The group employs a double extortion model, exfiltrating data before encryption and threatening to publish stolen information on its Tor-based leak site. A distinctive characteristic of Kawa4096 is its mimicry of branding elements from other established ransomware groups, notably the Akira ransomware group's retro-style Tor leak site and the Qilin ransomware's ransom note format, a tactic likely employed to amplify psychological pressure and establish perceived credibility among victims. Kawa4096 operates under the aliases KaWaLocker and KaWa.

Paises afectados

Sectores atacados

URLs nuevas detectadas en IntelTracker