Kawa4096 Ransomware — Security Threat Analysis Report
By CyberDudeBivash • Last updated: 22 September 2025 (IST)

Executive Snapshot

What's new: Kawa4096 (a.k.a. KawaLocker) surfaced in June 2025 with a Tor leak site mimicking Akira and a ransom note closely resembling Qilin, an intentional brand-mimicry play to boost credibility and pressure victims. [trustwave.com]

How it hits: In at least one observed case, operators gained access over RDP with compromised credentials, dropped tools (e.g., HRSword, kill.exe) to disable security software, then deployed the encryptor, deleted Volume Shadow Copies, cleared Windows event logs, and self-deleted. [Huntress]

Where it bites: Public victim listings and telemetry point to the U.S., Japan, and Germany among the top targets; healthcare, financial services, and the public sector appear in early tallies. [ransomware.live]

Crypto details (vary by sample): Some analyses report hybrid cryptography (ChaCha20 + Curve25519); others describe partial (chunked) encryption using Salsa20 to speed up impact. Expect variant drift across campaigns. [watchguard.com]

Threat Anatomy (What Sets Kawa4096 Ap...
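The "How it hits" chain above (security-tool tampering, Volume Shadow Copy deletion, event-log clearing, self-deletion) is what a defender should be hunting for in process-creation telemetry. The following detector is an added example, not code from the CyberDudeBivash report or from any of the cited vendors: it parses constructed Sysmon-style process-creation lines (the `host=... image="..." cmd="..."` layout is assumed), matches each against one rule per behaviour, and raises a per-host alert once two or more distinct behaviours appear on the same machine. The command shapes in the rules (`vssadmin delete shadows`, `wmic shadowcopy delete`, `wevtutil cl`, `cmd ... del ....exe`) are common Windows patterns assumed here; the report names only the tools HRSword and kill.exe, not exact command lines.

```python
"""Chain detector for the Kawa4096 post-access behaviours described in the report.

Added example (not the report's or any vendor's code). The log format and the
sample events are constructed; the rule regexes encode commonly seen Windows
command shapes and are assumptions, not commands quoted by the report.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Rule:
    name: str
    stage: str            # coarse tactic label used for reporting
    pattern: "re.Pattern"

# One rule per behaviour named in the report's "How it hits" chain.
RULES: List[Rule] = [
    # Tools the report says were dropped to disable security software.
    Rule("security_tool_tamper", "defense_evasion",
         re.compile(r"(?i)\b(hrsword|kill)\.exe\b")),
    # Volume Shadow Copy deletion (assumed vssadmin/wmic shapes).
    Rule("shadow_copy_delete", "impact",
         re.compile(r"(?i)\bvssadmin(\.exe)?\s+delete\s+shadows\b|\bwmic(\.exe)?\s+shadowcopy\s+delete\b")),
    # Windows event log clearing (assumed wevtutil shape).
    Rule("event_log_clear", "defense_evasion",
         re.compile(r"(?i)\bwevtutil(\.exe)?\s+(cl|clear-log)\s+\S")),
    # Self-deletion via a cmd.exe child that deletes an .exe (assumed shape).
    Rule("self_delete", "defense_evasion",
         re.compile(r"(?i)\bcmd(\.exe)?\b.*\bdel\b.*\.exe\b")),
]

# Constructed process-creation events (Sysmon Event ID 1 style, flattened).
SAMPLE_LOG = r"""
2025-09-20T10:15:01Z host=WS01 user=CORP\jdoe parent="C:\Windows\explorer.exe" image="C:\Windows\System32\notepad.exe" cmd="notepad.exe notes.txt"
2025-09-20T10:15:03Z host=WS01 user=CORP\jdoe parent="C:\Windows\System32\cmd.exe" image="C:\Users\Public\kill.exe" cmd="kill.exe"
2025-09-20T10:15:09Z host=WS01 user=CORP\jdoe parent="C:\Windows\System32\cmd.exe" image="C:\Windows\System32\vssadmin.exe" cmd="vssadmin.exe delete shadows /all /quiet"
2025-09-20T10:15:12Z host=WS01 user=CORP\jdoe parent="C:\Windows\System32\cmd.exe" image="C:\Windows\System32\wevtutil.exe" cmd="wevtutil.exe cl Security"
2025-09-20T10:15:20Z host=WS01 user=CORP\jdoe parent="C:\Users\Public\locker.exe" image="C:\Windows\System32\cmd.exe" cmd="cmd.exe /c ping 127.0.0.1 -n 3 > nul & del C:\Users\Public\locker.exe"
2025-09-20T10:16:00Z host=WS02 user=CORP\backupsvc parent="C:\Windows\System32\cmd.exe" image="C:\Windows\System32\vssadmin.exe" cmd="vssadmin.exe list shadows"
2025-09-20T10:16:05Z host=WS02 user=CORP\backupsvc parent="C:\Windows\System32\cmd.exe" image="C:\Windows\System32\wevtutil.exe" cmd="wevtutil.exe qe Application /c:5"
""".strip().splitlines()

EVENT_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+'
    r'parent="(?P<parent>[^"]*)"\s+image="(?P<image>[^"]*)"\s+cmd="(?P<cmd>[^"]*)"\s*$'
)

def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Parse one flattened event; return None for lines that do not fit the format."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None

def match_rules(event: Dict[str, str]) -> List[Rule]:
    """Return every rule whose pattern matches the event's image path or command line."""
    haystack = f'{event["image"]} {event["cmd"]}'
    return [r for r in RULES if r.pattern.search(haystack)]

def analyze(lines: List[str], min_distinct_rules: int = 2) -> Dict[str, dict]:
    """Group hits per host; alert when a host shows >= min_distinct_rules different behaviours.

    Requiring several distinct behaviours on one host filters out single benign
    events (a backup job running vssadmin, an admin querying a log) while still
    catching the chain the report describes.
    """
    hits_by_host: Dict[str, List[dict]] = defaultdict(list)
    hosts_seen = set()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue                      # skip malformed lines instead of crashing the pipeline
        hosts_seen.add(ev["host"])
        for rule in match_rules(ev):
            hits_by_host[ev["host"]].append(
                {"ts": ev["ts"], "rule": rule.name, "stage": rule.stage, "cmd": ev["cmd"]})
    report = {}
    for host in sorted(hosts_seen):
        hits = hits_by_host.get(host, [])
        distinct = sorted({h["rule"] for h in hits})
        report[host] = {"hits": hits, "distinct_rules": distinct,
                        "alert": len(distinct) >= min_distinct_rules}
    return report

if __name__ == "__main__":
    for host, result in analyze(SAMPLE_LOG).items():
        flag = "ALERT" if result["alert"] else "ok"
        print(f"{host}: {flag} {result['distinct_rules']}")
```

Run as-is, the script flags WS01 (four distinct behaviours within seconds) and leaves WS02 alone, since `vssadmin list shadows` and `wevtutil qe` are read-only and never match the delete/clear rules. In production the same logic would consume Sysmon or EDR process events instead of `SAMPLE_LOG`, and the per-host grouping would add a time window so that a genuine chain is not diluted by days of unrelated events.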