Kill Security

Also known asKill Security

Kill Security is a ransomware/extortion threat actor tracked in 2025 reporting. The provided content identifies Kill Security as a new or emerging group that surfaced in late 2024 and became operationally visible at scale in 2025. It is listed among the more active ransomware groups in 2025, accounting for approximately 2% of observed data leak site claims in one cited year-in-review, and is also referenced in ransomware trend reporting as a major group. The content notes a reported concentration of more than 40 victims in India and a steady pace of roughly 10 victims per month, alongside mention of a RaaS promotion ramp. ASEC reporting from September 2025 states that Kill Security listed a university application platform in South Korea as a new victim. The available content does not provide high-confidence details on malware family specifics, intrusion TTPs, or attribution to a nation-state. Known alias in the provided content: kill_security.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

education

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

analyst1 blogNews

Feb 18, 2026

Ransomware & Extortion Activity | Analyst1

Newer extortion/ransomware actor that became visible at scale in 2025 via DLS claims.

cyberthroneNews

Dec 24, 2025

Inside Ransomware Threat Landscape 2025 Analysis

Ransomware group with a focus on India, promoting RaaS and maintaining steady attack volume.

ahnlab asec blogNews

Oct 17, 2025

September 2025 Threat Trend Report on Ransomware

Kill Security is identified as a major ransomware group active in September 2025.

ahnlab asec blogNews

Sep 25, 2025

Ransom & Dark Web Issues Week 4, September 2025

Ransomware operations claiming new victims; specifically lists a South Korean university application platform as a victim.

+1 more in the timeline

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.