KillSec
KillSec is a ransomware threat actor and ransomware operation that evolved from an Anonymous-aligned hacktivist group into a financially motivated hybrid extortion actor and RaaS-style operation.
Profile source: Mallory opens in a new tabKillSec
Family profile
KillSec is a ransomware threat actor and ransomware operation that evolved from an Anonymous-aligned hacktivist group into a financially motivated hybrid extortion actor and RaaS-style operation. The reporting describes KillSec as having transitioned from hacktivism to ransomware, and as offering affiliates additional capabilities including DDoS and data-stealer tooling. High-confidence references place KillSec among active ransomware groups in 2025–2026, including attacks against healthcare-sector businesses, a South Korean exhibition management platform, and healthcare institutions in Brazil. Comparative reporting cited KillSec as one of the most common ransomware strains affecting healthcare businesses in the first nine months of 2025, with 12 recorded attacks in that category. The content also notes that KillSec continued to list healthcare providers among its victims, unlike some groups that reportedly avoid that sector. No specific malware family technical details, infection chain, encryption routine, or indicators of compromise were provided in the source content.
Ransomware.live
Operational record
MITRE ATT&CK
KillSec in ATT&CK
1 distinct techniquesReporting
Research mentioning KillSec
Ransom & Dark Web Issues Week 2, March 2026 - ASEC
"KillSec and Everest ransomware attacks targeting a South Korean exhibition management platform and an elevator manufacturer"
The State of Ransomware - Q3 2025 - Check Point Research
While some groups, such as Play Ransomware, appear to enforce an internal policy against attacking healthcare institutions, others such as Qilin, INC Ransomware, and KillSec continue to list healthcare providers among their victims.
Healthcare ransomware attacks surge 30% in 2025, as cybercriminals shift focus to vendors and service partners - Industrial Cyber
For healthcare businesses... the most common ransomware strains against healthcare businesses were Qilin (19 attacks), KillSec (12), Akira (10), INC (9), and SafePay (7).
Security Affairs newsletter Round 541 by Pierluigi Paganini – INTERNATIONAL EDITION
KillSec Ransomware is Attacking Healthcare Institutions in Brazil
Power Rankings: Ransomware Malicious Quartile Q2-2025
KillSec has solidified its position as a hybrid threat actor, having transitioned from its origins as an Anonymous-aligned hacktivist group into a financially motivated ransomware operation.