Chort
Parsing : Enabled
Description
Chort is a relatively new data-extortion ransomware group that surfaced in late 2024, with confirmed activity beginning in October–November 2024. It operates under a double-extortion model—exfiltrating sensitive data before encrypting systems—and organizes victims via a Tor-hosted data leak site (DLS). The group has targeted organizations in the U.S. education sector (including schools and nonprofits) and in Kuwait's agriculture sector, among others. Technical behaviors include execution via PowerShell and removal of shadow copies to disrupt recovery. The group's approach emphasizes public pressure through data exposure rather than technical innovation.
| External Analysis |
| https://www.cyjax.com/resources/blog/the-devil-and-the-termite-data-leak-sites-emerge-for-chort-and-termite-extortion-groups/ |
| https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/chort |
| https://therecord.media/ransomware-sheboygan-breach-notice |
| Urls |
Screen |
| http://hgxyonufefcglpekxma55fttev3lcfucrf7jvep2c3j6447cjroadead.onion |
Screen |
Posts
| Date |
Title |
Description |
Screen |
| 2024-11-22 |
sheboyganwi.gov |
United States Government
Taken Data Size : 200GB
Posted Time : 2024-11-22 |
Screen |
| 2024-11-15 |
hartwick.edu |
Colleges & Universities
Taken Data Size : 150GB
Posted Time : 2024-11-13 |
Screen |
| 2024-11-15 |
paaf.gov.kw |
Ministry Of Finance, kuwait
Taken Data Size : 200GB
Posted Time : 2024-10-29 |
Screen |
| 2024-11-15 |
bartow.k12.ga.us |
Education & Consumer Services
Taken Data Size : 210GB
Posted Time : 2024-10-02 |
Screen |
| 2024-10-29 |
texanscan.org |
Non-Profit & Charitable Organizations
Taken Data Size : 0GB
Posted Time : 2024-10-29 |
Screen |
| 2024-10-29 |
edwardsburgschoolsfoundation.org |
School & Education
Taken Data Size : 0GB
Posted Time : 2024-10-29 |
Screen |
| 2024-10-29 |
Tri-TechElectronics.com |
Manufacturing
Taken Data Size : 100GB
Posted Time : 2024-10-29 |
Screen |