The Crypto24 ransomware group has been using custom utilities to evade security solutions on breached networks, exfiltrate data, and encrypt files.
The threat group's earliest activity was reported on BleepingComputer forums in September 2024, though it never reached notable levels of notoriety.
According to Trend Micro researchers tracking Crypto24's operations, the hackers have hit several large organizations in the United States, Europe, and Asia, focusing on high-value targets in the finance, manufacturing, entertainment, and tech sectors.
The security researchers report that Crypto24 appears to be knowledgeable and well-versed, suggesting a high likelihood that it was formed by former core members of now-defunct ransomware operations.
Post-compromise activity
After gaining ini