CryLock is a form of malware, specifically ransomware, known for its ability to infiltrate systems and hold data hostage for ransom. This malicious software can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, CryLock can disrupt operations, steal personal information, and demand a ransom to release the affected data. A user of SafeZone, a Russian anti-malware forum, was reported to have sought help with an infection by this ransomware, which points to its global reach and potential for harm.
The threat actors behind CryLock appear to have evolved their tactics over time. Evidence suggests that these same actors may now be operating under the guise of Trigona, another ransomware strain discovered in October 2022. Trigona and CryLock share significant similarities in tactics, techniques, and procedures (TTPs), as pointed out by multiple research teams, including Palo Alto Networks' Unit 42. The email address associated with Trigona ransom notes (phandaledr@onionmail[.]org) was also mentioned in an online forum thread discussing CryLock, further supporting this connection.
The shift from CryLock to Trigona suggests an ongoing evolution in the strategies employed by these threat actors. Previously, groups like CryLock and Dharma/Crysis relied on mass-mailed attachments or links in email messages as their primary vector for delivering malware. This method often managed to bypass anti-spam filters due to its indiscriminate spread. That these threat actors continue to adapt and develop new malware strains underscores the importance of continuous vigilance, robust cybersecurity measures, and regular updates to malware research.
Description last updated: 2024-05-04T16:55:32.322Z