crypto24
Ransomware group profile
Description
Crypto24 is a ransomware group that emerged in July 2024, operating under a Ransomware-as-a-Service model with a focus on financial gain through data encryption and extortion. Known for its use of legitimate IT tools combined with custom malware, the group conducts stealthy, multi-stage attacks and primarily targets organizations during off-peak hours to evade detection.
Key insights
- Utilizes phishing and exploited RDP services for initial access.
- Employs proprietary ransomware that appends a '.crypto24' extension to encrypted files.
- Implements a double extortion scheme, threatening to leak stolen data if the ransom is not paid.
- Uses legitimate administrative tools such as PsExec and AnyDesk for lateral movement.
- Targets various sectors including manufacturing, healthcare, and legal services.
Threat Level & Status Breakdown
For crypto24 · Based on incidents in selected period
Recent activity
Monthly attack count for crypto24 in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for crypto24
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for crypto24
- T1486 (Data Encrypted for Impact)
- T1490 (Inhibit System Recovery)
- T1021 (Remote Services)
- T1562 (Impair Defenses)
- T1078 (Valid Accounts)
- T1547 (Boot or Logon Autostart Execution)
- T1059 (Command and Scripting Interpreter)
- T1046 (Network Service Discovery)
- T1021.001 (Remote Services: Remote Desktop Protocol)
- T1037 (Boot or Logon Initialization Scripts)
- T1080 (Taint Shared Content)
- T1071 (Application Layer Protocol)
Victims (37)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| Qatar Biomedical Research Institute (QBRI) | hbku.edu.qa | QA Qatar | Education | Claimed | about 2 months ago |
| Katcon Global | katcon.com | MX Mexico | Manufacturing | Claimed | 2 months ago |
| Industrias Guerra, S.A. | iguerra.com | ES Spain | Manufacturing | Claimed | 2 months ago |
| ActionPower | actionpower.kr | HR Croatia | Energy & Utilities | Claimed | 2 months ago |
| Estudio O'Farrell | estudio-ofarrell.com | AR Argentina | Professional Services | Claimed | 2 months ago |
| Invaccs software technologies pvt ltd | invaccs.com | IN India | Technology | Unknown | 3 months ago |
| Comprehensive Orthopaedics and Musculoskeletal Care, LLC | comprehensiveorthopaedics.com | US United States | Healthcare | Unknown | 3 months ago |
| Rowad Modern Engineering | rowad-rme.com | EG Egypt | Other | Unknown | 3 months ago |
| Putnam Precision, Inc. | putnamprecision.com | US United States | Manufacturing | Unknown | 4 months ago |
| MRC Prion Unit and Institute of Prion Diseases | ucl.ac.uk | GB United Kingdom | Healthcare | Unknown | 4 months ago |
| Yource Bulgaria & Greece | yourcebulgaria.cc | BG Bulgaria | Professional Services | Unknown | 4 months ago |
| Unified Assessment Platform ExamRoom.AI | examroom.ai | US United States | Education | Unknown | 5 months ago |
| SASP SNCC AUTOMATISME SOLUTIONS PROCESS | sasp.fr | FR France | Technology | Unknown | 6 months ago |
| Hollysys Asia Pacific | hollysys.com | SG Singapore | Technology | Unknown | 6 months ago |
| AsahiKASEI MICRODEVICES | akm.com | US United States | Technology | Unknown | 7 months ago |
| Bayu Buana Travel | bayubuanatravel.com | ID Indonesia | Hospitality | Unknown | 7 months ago |
| Mei *** | — | IT Italy | Technology | Unknown | 7 months ago |
| Meinhardt Group | meinhardtgroup.com | SG Singapore | Other | Unknown | 7 months ago |
| Bayu Buana Travel Service | bayubuanatravel.com | ID Indonesia | Hospitality | Unknown | 7 months ago |
| U.S. Vanadium Holding Company LLC | usvanadium.com | US United States | Manufacturing | Unknown | 8 months ago |
Affected countries (31)
Countries where this group has been reported to target or leak victims.