Crypto24 is a double-extortion ransomware-as-a-service group that surfaced on the RAMP forum in mid-2024, targeting large organizations in financial services, healthcare, manufacturing, and technology across Asia, Europe, and North America, with notable victims including CMC Group, Vietnam's second-largest ICT conglomerate.
This group has no curated TTPs; only an AI-estimated (unconfirmed) MITRE mapping derived from its description and notes is available.
Defensive detection signature for this group, intended for EDR/SIEM detection or blocking. Source: ransomware.live. Note that the rule fires on the bare string "crypto24" in any file, so expect hits on threat-intelligence reports and this page itself; treat matches as triage leads rather than confirmed infections.
```yara
/*
 crypto24 ransomware
*/
rule crypto24_Ransomnote
{
    meta:
        author      = "ransomware.live"
        family      = "ransomware.crypto24"
        description = "Detects crypto24 ransomware ransom note or artifact"
        date        = "2026-05-04"
        severity    = 7
        score       = 70

    strings:
        // $name1 is case-insensitive, so it already covers $name2;
        // $onion targets the group's leak-site hostname fragment.
        $name1 = "crypto24" ascii nocase
        $name2 = "CRYPTO24" ascii
        $onion = "crypto24.onion" ascii nocase

    condition:
        any of them
}
```
```text
*** We are Crypto24 Group ***
*** Your files have been encrypted and stolen ***

We have exfiltrated over 200 GB of your most sensitive business data from your internal network.
- Prepress files for every product.
- Personnel, HR, and customer records.
- Databases, including PCFactory.
- Finance, accounting, and QA logs

⏳ [ WHAT TO DO NEXT ]
You have 3 days to contact us. After that, the price will increase.
If we receive no response in 7 days, your data will be published on our TOR leak site: [redacted]
(Access via TOR browser: [redacted])

💬 [ CONTACT INSTRUCTIONS ]
Use the [redacted] messenger:
- Download: [redacted]
- Contact [redacted] ID: [redacted]
- Device ID: [snip]
Please include your **Company Name** and **Device ID** in your first message.

🔒 [ TEST DECRYPTION OFFER ]
To prove we can restore your files, we offer free decryption of:
- 1 document file (under 1MB)
- 1 image file (under 5MB)

🚫 [ DO NOT TRUST UNVERIFIED "RECOVERY EXPERTS" ]
You may try to recover your data on your own or with a security firm. However, we strongly advise against involving third parties who are not officially trusted by you.
Do not share your device ID with untrusted third parties. The device ID is an identifier that proves that you are a victim.
Some so-called "recovery experts" will ask for your Device ID. They will then contact us pretending to be you, get a test decryption from us, and act like they did it themselves. They'll show you the decrypted file, make you believe they can recover everything, and take your money. In the end, they disappear. You lose time, money, and trust.
Your Device ID means nothing to them technically — but it helps them fool you. We are the only ones with the keys.
Don't waste your time or budget chasing illusions.

⚠️ [ DO NOT ATTEMPT DIY DECRYPTION ]
You are free to try recovery attempts with your own tools or with trusted providers. But we strongly recommend that you **create backups first**.
If you damage or overwrite any encrypted files, not even we can restore them.
No tool, no expert, and no government can break our encryption without the key.

✅ [ WHY CHOOSE US ]
We are professionals. If anyone else or any organization claims to be able to decrypt it, it is a scam. The strength of the encryption makes it impossible for anyone other than us to decrypt it.
The sooner you contact us, the lower the cost — and the faster your business can get back on track.
**We are the only ones who can actually solve this.**
Act quickly. Every hour counts. Contact us now to begin the recovery. Time is running out.
```
[AI generated] Katcon Global is a major automotive supplier specializing in the development, design, and manufacture of advanced vehicle exhaust systems. Founded in Mexico in 1993, the company now operates at multiple locations worldwide, including Europe, Asia, Australia, and America. Besides exhaust systems, Katcon also provides solutions in the energy recovery and sustainability sectors.
[AI generated] Estudio O'Farrell is a prestigious law firm based in Buenos Aires, Argentina. Known for its comprehensive legal services, the firm specializes in areas such as corporate law, tax law, banking and finance, and labor law, among others. With a history of over 130 years, Estudio O'Farrell has represented many high-profile clients and is renowned for its professional and innovative legal solutions.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Katcon Global | MX | Manufacturing | — | 2 Apr 2026 |
| Estudio O'Farrell | AR | Business Services | — | 24 Mar 2026 |
| Banco Hipotecario del Uruguay | UY | Financial Services | — | 3 Oct 2025 |
| SOUBEIRAN CHOBET S.R.L. | AR | Business Services | — | 22 Jul 2025 |
| Iris Neofinanciera | CO | Financial Services | — | 8 Apr 2025 |
The leak-site (.onion) addresses are known but are neither published nor linked here; only public metadata is shown.
> We have exfiltrated over 700GB of most sensitive highly sensitive customer PII, financial/accounting records, legal/contracts, property/title documents, credit and risk files, market/trading operations data, and IT/security configuration information.

> We have exfiltrated over 300GB of most sensitive and business-critical data from internal servers including full DBs including Microsoft Dynamics GP database, financials, accounting records, HR files, inventory logs, production processes, customer contracts, and complaint records, complete data analytics and marketing materials. And also have R&D and QC datasets, such as HPLC/FASE MOVIL outputs, experimental protocols, specialized pharmaceutical formulations, master batch records detailing proprietary production know-how, ANMAT/FDA CTDs, product recall logs, GMP audit results, deviation reports, and regulatory correspondence.

> All files of google drives, google chatting data, workmanager documents (for last 5 years), sql dbs and personal information of clients and staffs.