Cloak

Compare

Parsing: enabled Captcha in place

Description

Cloak is a cybercriminal ransomware group that first appeared publicly in mid-2023, operating with a double-extortion model. It deploys an ARCrypter variant derived from Babuk, delivered via loaders that terminate security and backup services, delete shadow copies, and install encrypted payloads using algorithms like HC-128 combined with Curve25519 key generation. Victims include entities such as the Virginia Attorney General’s Office, whose IT systems were disrupted and whose data (134 GB) was exfiltrated and listed on Cloak’s Tor leak site. Cloak has been linked to other ARCrypter variants like Good Day, sharing victim portals and infrastructure. Its operations reportedly use initial access brokers, phishing, malvertising, and exploit kits for network infiltration.

External Analysis5

External Analysis
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/cloak
https://www.thaiCERT.or.th/en/2025/03/25/cloak-ransomware-attacks-virginia-attorney-generals-office/
https://www.halcyon.ai/blog/cloak-ransomware-variant-exhibits-advanced-persistence-evasion-and-vhd-extraction-capabilities
https://www.sentinelone.com/blog/threat-actor-interplay-good-days-victim-portals-and-their-ties-to-cloak/
https://www.cyberint.com/blog/other/cloak-ransomware-whos-behind-the-cloak/

Ransom notes3

View all notes

Urls1

Url	Status	Screen	Uptime 30d	Health
http://cloak7jpvcb73rtx2ff7kaw2kholu7bdiivxpzbhlny4ybz75dpxckqd.onion	Down		37%

File servers34

Url	Status	Uptime 30d
http://jpef6snenchj3rxgugsozky3i34q66vmcoqy7neyu37xxiwxrad5doid.onion	Down	0%
http://glrw7ip5gz2fv2njbiqfvg5uiwavllw5zuixko4yrpj5hta7fjwqpjqd.onion	Up	13%
http://vicjwr6abknvcfjomocyb3koloidahc3hidwt5sq2ytwk7yepwfzlsid.onion	Down	37%
http://puzhh5aykks65qneqantprbqjt6k5bnigmwqwv6yvkxvkfu4ivva5mid.onion	Down	20%
http://piatupks5hai3oafo66xlj2eg2fbzjqy2j7gy3nyhqmnthlrwvrsolad.onion	Up	27%
http://necnstpnzuaovjocmiuv7ned7bstczit3kkvotqxl53xo5rfohndlvid.onion	Up	33%
http://ey2eak3vq5zbeu4s56m25mm4kvszy2is7gyjs6tsfzmhptbyijkzn2yd.onion	Down	20%
http://b53cqorlo7uftd3ymxguwnn7rfoz54ryoojjqxowdsaw2bahvuppntyd.onion	Up	30%
http://l3bbtg2p2gp2x43e2nngzkf7ab52k4mef3saowrl6m5notkts7p2vfyd.onion	Down	37%
http://vsdp5gqwrunytxw4f6dbxznux66aaewlwyenw3rantba4lwyzbckgfid.onion	Down	17%
http://a6gq22ngckken4xksz5ytl66sqeylh45ktke5pnbzfdksw5sfum5lvqd.onion	Up	27%
http://nbfxtlikrnicuht5yvvhlujpnh3spzjmek6eujeyck2ws34yytxjdhyd.onion	Up	33%
http://ziburuf5kh4phq5i6nmukpke7uruflhlvfexfmjwiwgghapz6ug3ajyd.onion	Down	27%
http://am3mzzguimx45wxywpukvwf3gobt3r4bidxzntjpsmqqge4s3vi2vvid.onion	Up	27%
http://occwme3xtlnzk3nlhn5ewsgodswrp6pysmmk7kcxqgj4hyiwkhoqcuyd.onion	Down	40%
http://qyywpuxysuur4exynwwwhu6nbd2f5vpj3h4tjbltfhwd4blamd4fppqd.onion	Up	23%
http://hsn2e745m36crxj2gmnrp432vbsyarhwvq3fgcyus345dp3oqlrltuad.onion	Down	27%
http://pbbeck4xcy3jzbu6lv5db3c5n3n44wngmpb5jj3yo4px32mlznziwbid.onion	Down	30%
http://hmxt5u75kj5qxqjqhckgaoda6zndgxcazleersyioat4iuq3ldgmkcid.onion	Up	30%
http://cii64fki62v2mudocjvgarzlmnpqrfp6xb7korapmdd7qmjpnccgduyd.onion	Down	40%
http://jrmayo7rvsx6sbv36djpdge6iwuem67dhccpctera2ykmqr6kplhayad.onion	Down	23%
http://ljrswxeei4isir3s5i7xmlzpx6sabmkgd7mvjrimcqwu7rqpn7bdjfad.onion	Down	27%
http://qixf7fqw237ikunw4ey22jsc4deltducf6zn4mq4ldyqab3ij3gehlyd.onion	Up	20%
http://ztqugnw4upfmd6mu3l6sdz2mfvzxzouhwgqqowyjeedgsmz733dqq2ad.onion	Down	30%
http://u66kitj46wmr5onijbbkg7cq45crcs66c563kyqy6klxm5c2nz42ujid.onion	Up	33%
http://e7gxrudyx2o733zlernyqqv623wyky5teor5xhnnx2g6dt4vf6jwn2yd.onion	Up	37%
http://qx2b2on5phkj4jczfpzfkb5cuhxn7wfqbgdu27pmxyzamoim3jqff6qd.onion	Down	30%
http://37izr5yow5d673agew22miyy3inbqncuv7gfp5372yciuzvadqef66yd.onion	Down	37%
http://d2wqt4kek62s35hjeankc75nis4zn4e5i6zdtmfkyeevr7fygpf2iiid.onion	Down	0%
http://sclj2rax5ljisew3v4msecylzo7iieqw25kcl7io4szei4qcujxixaid.onion	Down	30%
http://xyy2fymbdytltylyuicasuvw7vw3gtgm3cvvjskh4jnzfg3gp7dqgnqd.onion	Up	33%
http://heac3upmfv33scnkeek64dqdx2cblv7z256aezluyvgtwsxi2o3coiid.onion/	Down	20%
http://uss2a5zyeth7sop57zhgqcyafmnbkmoknps3i7anusze77zppp4bf5yd.onion/	Down	40%
http://67cw3reg2revettu2xfhaaaxhoukctplr6u6mhzri5x6uflet5bq56ad.onion	Down	0%

Chat servers4

Url	Status	Uptime 30d
http://6mw4yczxeqoiq7rgwnpi75qxsjd5jykuutpatflybodwlckoarhfdlid.onion/	Down	0%
http://7puvv4qtcrigzbxshqibkpibzbmrs6thb7s6uf3tisqfp3t2ddpp66id.onion/	Down	0%
http://vir3qwnhwtdriaejfsav6fu5y5ikqlyp5ml345eenlk4pxgabqpf4iid.onion/	Down	0%
http://cfmjv7md32ovswerbaqvxtlznqk647p5coqghbrhyy6euexrffyo6zyd.onion	Down	0%

Activity (interactive) 141

Posts141

Date	Title	Description	Screen
2025-11-18	Con*******.com		Screen
2025-11-18	**e-det.de		Screen
2025-10-16	*****.com		Screen
2025-10-16	L********den.com		Screen
2025-09-07	TuftsMedicine		Screen
2025-08-09	Wstg-steuerberater.de		Screen
2025-08-09	Tu*******ne		Screen
2025-08-09	Go********l		Screen
2025-08-09	*********.bh		Screen
2025-08-09	*******roup.ro		Screen
2025-07-07	Nos********om.br		Screen
2025-07-07	Ws*******.de		Screen
2025-06-27	Pensions.gov.lk		Screen
2025-06-06	Productionsaw.com	Country: USA Views: 164
2025-05-06	**********li.com		Screen
2025-04-18	Bosshard-farben.ch		Screen
2025-04-18	Pe*************.lk		Screen
2025-04-18	Orl***********.com		Screen
2025-04-18	pea**********.uk		Screen
2025-04-18	Pc***********.org		Screen
2025-03-20	Oag.state.va.us
2025-03-20	Wr-recht.de
2025-03-20	Baltimorecityschools
2025-03-20	Fi***************.pa
2025-03-20	St***********.nl
2025-02-25	ba**********.org		Screen
2025-02-20	Waggonereng.com		Screen
2025-02-20	op*********.eu		Screen
2025-02-20	wr********.de		Screen
2025-02-20	pen********.de		Screen
2025-02-20	oa*************.us		Screen
2025-02-03	Ad***********.ca
2025-01-30	Centromedicoenova	Country: Spain Views: 69 View more /enova Public <100GB
2025-01-29	Premierautocredit.com	Country: USA Views: 53 View more /pac Public 156GB
2025-01-28	Kaisersbach.de	Country: germany Views: 106 View more /kaiser Public <100GB
2025-01-28	Neovita.de	Country: germany Views: 88 View more /neovita Public 227GB
2025-01-23	Bwfg.at
2025-01-21	pre*************.com
2025-01-21	Wa**********.com
2025-01-21	ge*******.com
2024-12-30	Mai***********.de
2024-12-30	bac***********.com.au
2024-12-30	Town of Ponoka
2024-12-19	Kai*************.de
2024-12-19	Ne***********.de
2024-12-11	Fmp.gob.pe
2024-12-10	N************.uk
2024-12-09	Orthopaedie-hof.de
2024-12-09	Ukh-hof.de
2024-12-04	Donnewalddistributing
2024-11-28	Bw**********.at
2024-11-28	Ma************.de
2024-11-28	Or*************.de
2024-11-28	Uk***********.de
2024-11-19	Globalresultspr.com
2024-11-16	don****************.com
2024-11-16	F************.pe
2024-11-06	SCAFF'HOLDING		Screen
2024-11-06	Glo**************.com		Screen
2024-11-06	o******************v		Screen
2024-10-21	mm********.com		Screen
2024-09-28	Wertachkliniken.de		Screen
2024-09-28	Pennvet.com		Screen
2024-09-28	Ful************.com		Screen
2024-09-28	Te***************.net		Screen
2024-09-15	Pen*****************.com		Screen
2024-09-15	El**********.hu		Screen
2024-09-15	we****************.de		Screen
2024-08-22	Kalaswire.com		Screen
2024-08-22	Dunlop Aircraft Tyres		Screen
2024-08-22	Vibo.dk		Screen
2024-08-22	Hvb-ingenieure.de		Screen
2024-08-22	Westermans.com		Screen
2024-08-22	Stjamesplace.org		Screen
2024-08-22	Dd*******uk		Screen
2024-08-22	Entr**************.fr		Screen
2024-08-22	Cb**********.com		Screen
2024-07-20	upcli.com		Screen
2024-07-20	Vi*********.dk		Screen
2024-07-20	Hv*************.de		Screen
2024-07-20	We*******.com		Screen
2024-07-20	Ka******.com		Screen
2024-07-09	Dun*****************uk		Screen
2024-07-02	Longviewbridge.com		Screen
2024-07-02	Ruland-viersen.de		Screen
2024-07-02	P********.pl		Screen
2024-07-02	Unit*****************.com		Screen
2024-06-20	Mundocar.eu		Screen
2024-06-20	lo***********.com		Screen
2024-06-20	ab*******.org		Screen
2024-05-30	Baeckerei-raddatz.de		Screen
2024-05-30	Rul**********.de		Screen
2024-05-05	cli*********.com		Screen
2024-05-05	bae************.de		Screen
2024-04-29	Speditionweise.de		Screen
2024-04-29	Wencor.com		Screen
2024-04-29	Theharriscenter.org		Screen
2024-04-29	Mu*****.eu		Screen
2024-04-29	Cv*****.com		Screen
2024-04-29	Ce***.com		Screen
2024-04-29	B*****.hu		Screen
2024-03-25	Forgepresion.com
2024-03-25	Ponoka.ca		Screen
2024-03-25	Vhs-vaterstetten.de		Screen
2024-03-25	Gascontec.com		Screen
2024-03-25	Equatorial Energia		Screen
2024-03-25	we****.com		Screen
2024-03-25	The************.org		Screen
2024-03-25	Sped**********.de		Screen
2024-01-08	Maas911.com		Screen
2023-12-03	farwickgrote.de		Screen
2023-12-03	kvfcu.org		Screen
2023-12-03	skncustoms.com		Screen
2023-12-03	euro2000-spa.it		Screen
2023-12-03	Thenewtrongroup.com		Screen
2023-12-03	Bankofceylon.co.uk		Screen
2023-12-03	carranza.on.ca		Screen
2023-08-24	Arus-gmbh		Screen
2023-08-24	Sportlab-srl		Screen
2023-08-24	BONI-PASSAU.DE		Screen
2023-08-24	lusis-avocats.com		Screen
2023-08-24	werk33.com		Screen
2023-08-24	GRIDINSTALLERS.com		Screen
2023-08-24	surapon.com		Screen
2023-08-24	mps-24.com		Screen
2023-08-24	gruppomoba.com		Screen
2023-08-24	stshcpa.com.tw		Screen
2023-08-24	ihopmexico.com		Screen
2023-08-24	Nicer technology		Screen
2023-08-24	binhamoodah.ae		Screen
2023-08-24	first-resources-ltd		Screen
2023-08-24	Sbs-Berlin		Screen
2023-08-24	imtmro.com		Screen
2023-08-24	INCOBEC		Screen
2023-08-24	still95.it		Screen
2023-08-24	gsh-cargo.com		Screen
2023-08-24	flamewarestudios.com		Screen
2023-08-24	ALEZZELPOWER.com		Screen
2023-08-24	Notaires.fr		Screen
2023-08-24	Sonabhy.bf		Screen
2023-08-24	KVFCU.ORG