Chort
Compare
Parsing: enabled
Description
Chort is a relatively new data-extortion ransomware group that surfaced in late 2024, with confirmed activity beginning in October–November 2024. It operates under a double-extortion model—exfiltrating sensitive data before encrypting systems—and organizes victims via a Tor-hosted data leak site (DLS). The group has targeted organizations in the U.S. education sector (including schools and nonprofits) and in Kuwait's agriculture sector, among others. Technical behaviors include execution via PowerShell and removal of shadow copies to disrupt recovery. The group's approach emphasizes public pressure through data exposure rather than technical innovation.
External Analysis3
| External Analysis |
|---|
| https://www.cyjax.com/resources/blog/the-devil-and-the-termite-data-leak-sites-emerge-for-chort-and-termite-extortion-groups/ |
| https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/chort |
| https://therecord.media/ransomware-sheboygan-breach-notice |
Telegram1
| Telegram |
|---|
| @ChortGroup |
Urls1
| Url | ||||
|---|---|---|---|---|
| http://hgxyonufefcglpekxma55fttev3lcfucrf7jvep2c3j6447cjroadead.onion | Down |
|
Activity (interactive) 7
Posts7
| Date | Title | Description | Screen |
|---|---|---|---|
| sheboyganwi.gov | United States Government Taken Data Size : 200GB Posted Time : 2024-11-22 | Screen | |
| hartwick.edu | Colleges & Universities Taken Data Size : 150GB Posted Time : 2024-11-13 | Screen | |
| paaf.gov.kw | Ministry Of Finance, kuwait Taken Data Size : 200GB Posted Time : 2024-10-29 | Screen | |
| bartow.k12.ga.us | Education & Consumer Services Taken Data Size : 210GB Posted Time : 2024-10-02 | Screen | |
| texanscan.org | Non-Profit & Charitable Organizations Taken Data Size : 0GB Posted Time : 2024-10-29 | Screen | |
| edwardsburgschoolsfoundation.org | School & Education Taken Data Size : 0GB Posted Time : 2024-10-29 | Screen | |
| Tri-TechElectronics.com | Manufacturing Taken Data Size : 100GB Posted Time : 2024-10-29 | Screen |
