CryLock is a ransomware operation that emerged in April 2020 as a variant of the Cryakl ransomware family, also known as Fantomas. This group is primarily motivated by financial gain through cryptoviral extortion, demanding cryptocurrency payments for file decryption. A distinguishing feature of CryLock is its file renaming convention during encryption, where it appends a developer's email, a unique victim ID, and a randomized three-letter extension to affected files. The group has shown an evolution in its operational model, moving towards a semi-affiliate structure offering customizable options to partners. While primarily employing encryption, some instances suggest the group may also operate as a data broker, or adopt a double extortion model by exfiltrating sensitive data and threatening its public release.
MITRE techniques
T1078, T1486, T1566.001, T1027, T1047
RansomLook pivots
Data, intelligence and external references for cross-checking this actor's ransomware activity.