aka Public Data Storage
Crypto24 emerged in early 2025 as a fast-growing double-extortion ransomware-as-a-service (RaaS) group. It targets organizations across industries such as financial services, healthcare, logistics, and technology, with notable victims in Malaysia, Colombia, Egypt, and India. The group executes rapid infiltration—often leveraging stolen credentials—encrypts files (appending the .crypto24 extension), and exfiltrates significant volumes of data (e.g., 2 TB from Vietnam’s CMC Group). Affiliate-oriented operations are indicated by their presence on RAMP forums, suggesting professional recruitment and offering free decryption for small file samples to entice victims.
We have exfiltrated over 300GB of sensitive data, including Customer databases (all dbs of wtc - TOURPLAN, CRM, E-INVOICE,...),Legal and HR documents, Financial and employee records, Contractual documents with partners and customers.
Data Size: 300GB
We have exfiltrated over 300GB of sensitive data, including Customer databases (all dbs of tanchong - NAV, BRASSTAX, VTS, CRM, E-INVOICE,...),Legal and HR documents, Financial and employee records, Contractual documents with partners and customers.
Data Size: 730GB
The entire InsureAZ database has been leaked — including real insurance documents and all related materials such as medical, auto, and internal corporate records.
1TB
It contains sensitive personal data, including medical records, official documents, and imaging files of millions of patients, as well as various databases.
Data Size: 2.4TB
This leak contains the full TSMC 5nm and 7nm Process Design Kits, UMC 40ULP PDK and FDK, along with confidential AI-related project data from internal R&D, including simulation models, layout files, hardware accelerator designs, and proprietary training architectures, all sourced directly from foundry servers.
