Crylock

Malware Profile Updated 13 days ago
CryLock is ransomware: malware that infiltrates systems and holds data hostage for payment. It can reach a system through suspicious downloads, email attachments, or compromised websites, often without the user noticing. Once inside, CryLock can disrupt operations, steal personal information, and demand a ransom to release the affected data. A user on SafeZone, a Russian anti-malware forum, was reported seeking help with an infection by this ransomware, indicating its global reach and potential for harm.

The threat actors behind CryLock appear to have evolved their tactics over time. Evidence suggests that the same actors may now be operating under the guise of Trigona, another ransomware strain discovered in October 2022. Trigona and CryLock share significant similarities in tools and in tactics, techniques, and procedures (TTPs), as pointed out by multiple research teams, including Palo Alto Networks' Unit 42. The email address associated with Trigona ransom notes (phandaledr@onionmail[.]org) was also mentioned in an online forum discussing CryLock, further supporting this connection.

The shift from CryLock to Trigona suggests an ongoing evolution in the strategies employed by these threat actors. Previously, groups like CryLock and Dharma/Crysis used mass-mailed downloads or links attached to email messages as their primary vector for delivering malware; because the campaigns were indiscriminate, this method often slipped past anti-spam filters. As these threat actors continue to adapt and develop new malware strains, continuous vigilance, robust cybersecurity measures, and regular updates in malware research remain essential.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Trigona | 4 |
Trigona, a notable ransomware strain first identified in 2022, is a type of malicious software designed to infiltrate systems and hold data hostage for ransom. Its operations gained significant attention in 2023, as it emerged as a prominent threat in the cybersecurity landscape. Trigona had a uniqu
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Crylock malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Unit42 | a year ago | Bee-Ware of Trigona, An Emerging Ransomware Strain
CERT-EU | a year ago | 24th April – Threat Intelligence Report - Check Point Research
CERT-EU | a year ago | GRIT Ransomware Report: April 2023
CERT-EU | a year ago | An Overview of the Different Versions of the Trigona Ransomware
CERT-EU | a year ago | New Trigona ransomware strain up and running, but still evolving | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
CERT-EU | 7 months ago | Pro-Ukraine hacktivists reportedly hijacked Trigona ransomware servers
Trend Micro | a year ago | An Overview of the Different Versions of the Trigona Ransomware
Trend Micro | a year ago | A Deep Dive into the Evolution of Ransomware Part 1
CERT-EU | a year ago | Hackers Using Mimikatz Hacking Tool to Deploy Trigona Ransomware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
Securityaffairs | a year ago | Trigona Ransomware targets Microsoft SQL servers