SunCrypt Gang, also known by the detection name Ransom.SunCrypt, first emerged around October 2019 as a ransomware variant. The group quickly evolved to operate under a Ransomware-as-a-Service (RaaS) model, licensing its malware to affiliates. SunCrypt is assessed with high confidence to be associated with the Russian RaaS ecosystem. The primary motivation driving the group's operations is financial extortion, which they pursue through an aggressive "triple extortion" tactic involving data encryption, public data leaks, and Distributed Denial of Service (DDoS) attacks. This innovative use of DDoS as an additional pressure tactic distinguishes them from many other early ransomware groups. The group gained attention for its claimed affiliation with the Maze ransomware cartel, although Maze later denied any direct association.