krybit

Firma de detección defensiva para este grupo (úsala en tu EDR/SIEM). Fuente: ransomware.live.

/*
krybit ransomware
*/

rule krybit_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.krybit"
        description = "Detects krybit ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70

    strings:
        $name1 = "krybit" ascii nocase
        $name2 = "KRYBIT" ascii
        $onion  = "krybit.onion" ascii nocase

    condition:
        any of them
}

--KRYBIT
Your network/system was encrypted.
Encrypted files have new extension.
--Blog
[redactado]
[redactado]
[redactado]
[redactado]
-- Compromising and sensitive data
We have downloaded compromising and sensitive data from you system/network
If you refuse to communicate with us and we do not come to an agreement, your data will be published.
Data includes:
- Employees personal data, CVs, DL , SSN.
- Complete network map including credentials for local and remote services.
- Financial information including clients data, bills, budgets, annual reports, bank statements.
- Complete datagrams/schemas/drawings for manufacturing in solidworks format
- And more...
-- Warning
If you modify files - our decrypt software won't able to recover data
If you use third party software - you can damage/modify files (see item 1)
You need cipher key / our decrypt software to restore you files.
The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions.
-- Recovery
1) Download tor browser: [redactado]
2) Visit the chat: [redactado]
3) Use this ID to log in: [snip]
4) Supp: [redactado]

• https://www.ransomware.live/group/krybit

• Business Services
  5
• Transportation/Logistics
  1
• Healthcare
  1
• Manufacturing
  1