Ransomware Group: GUNRA

VICTIM NAME: Seoul Guarantee Insurance

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the GUNRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 18, 2025, Seoul Guarantee Insurance, a Korean financial services insurer, is identified on a ransomware leak page attributed to the threat actor group “gunra” as a victim. The post frames the incident as a data leak rather than a traditional encryption event and claims the attackers exfiltrated a large Oracle database described as 13.2 terabytes and “pure compressed” from the insurer’s core systems. The page lists the victim’s industry as Insurance within Financial Services and notes Korea as the location, with an additional reference to Nicaragua appearing in the same body excerpt. The attackers say they have started analyzing the insurer’s core database and will publish all data soon. There is no explicit ransom figure or payment demand visible in the excerpt, and no encryption details are described; the content instead highlights the prospect of public access to the stolen data, consistent with a data-leak scenario.

The leak page shows no images or screenshots (the imagery count is zero). It references a single external link described as a sitemap index, which would enumerate download URLs for the leaked data. The public-facing text states that “Everyone can download everything from this site. Please get what you need,” signaling open, public access to the exfiltrated material. The post also indicates contact methods via a non-email channel, and the text references the data as Insurance sector data, including customer data from an insurance database.

Post-date metadata places the leak at August 18, 2025, which serves as the post date since no explicit compromise date is provided. The described dataset is a 13.2-terabyte Oracle database, indicating substantial data exposure. No ransom amount or encryption details are provided in the available content, reinforcing the interpretation of a data-leak incident rather than a traditional encryption-for-ransom scenario. The narrative centers on Seoul Guarantee Insurance within the Korean financial services sphere and implies access to core insurance data and customer records from the insurer’s database.