Suncrypt is a ransomware-as-a-service (RaaS) operation that first emerged in October 2019, initially using malware written in Go before shifting to C/C++ by mid-2020. The group distinguishes itself by pioneering a "triple extortion" model, which involves not only encrypting victim data but also exfiltrating it for public release on a dedicated leak site and threatening Distributed Denial of Service (DDoS) attacks if ransoms are not paid. While Suncrypt claimed an association with the Maze ransomware cartel, this affiliation was denied by Maze, although shared C2 infrastructure has been observed. Their primary motivation is financial gain through these multi-faceted extortion tactics. The group is also known by the alias Such_Crypt.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.