All ransomware groups
kawa4096
17 tracked victims
·first seen 2025-06-19·last activity 2025-07-28Group profile
Kawa4096 is a ransomware group that emerged in June 2025, targeting multinational corporations across finance, education, and services sectors primarily in the US and Japan, using partial-encryption (25% of each file chunk) with Salsa20 and a leak site styled after Akira's retro terminal aesthetic, claiming at least 11 victims.
Recent victims
| Date | Website / victim | Sector | Country |
|---|---|---|---|
| 2025-07-28 | * ********.org | Not Found | US |
| 2025-07-27 | * **********.net | Not Found | US |
| 2025-07-27 | * **********.com | Not Found | US |
| 2025-06-19 |  icmconv.comicmconv.com | Not Found | US |
| 2025-06-28 |  carestlhealth.orgcarestlhealth.org | Healthcare | US |
| 2025-07-20 |  sbamh.orgsbamh.org | Healthcare | US |
| 2025-06-25 |  gatewaycsb.orggatewaycsb.org | Public Sector | US |
| 2025-06-22 |  heimhaus.deheimhaus.de | Not Found | DE |
| 2025-06-26 |  tokiomarine-nichido.co.jptokiomarine-nichido.co.jp | Financial Services | JP |
| 2025-06-28 |  www.ogr-jp.comwww.ogr-jp.com | Not Found | JP |
| 2025-06-24 |  www.malonebailey.commalonebailey.com | Financial Services | US |
| 2025-06-26 | * **********-*******.co.jp | Not Found | JP |
| 2025-06-28 | * *************.org | Not Found | |
| 2025-06-20 |  MorningsideservicesMorningsideservices.com | Not Found | US |
| 2025-06-22 | * ******.de | Not Found | DE |
| 2025-06-24 | * ******.com | Not Found | US |
| 2025-06-25 | * ******.org | Not Found | US |