RansomLook logo RansomLook

Cloak

Compare
cloak logo
Parsing: enabled Captcha in place

View crypto

Description

Cloak is a cybercriminal ransomware group that first appeared publicly in mid-2023, operating with a double-extortion model. It deploys an ARCrypter variant derived from Babuk, delivered via loaders that terminate security and backup services, delete shadow copies, and install encrypted payloads using algorithms like HC-128 combined with Curve25519 key generation. Victims include entities such as the Virginia Attorney General’s Office, whose IT systems were disrupted and whose data (134 GB) was exfiltrated and listed on Cloak’s Tor leak site. Cloak has been linked to other ARCrypter variants like Good Day, sharing victim portals and infrastructure. Its operations reportedly use initial access brokers, phishing, malvertising, and exploit kits for network infiltration.

External Analysis5
External Analysis
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/cloak
https://www.thaiCERT.or.th/en/2025/03/25/cloak-ransomware-attacks-virginia-attorney-generals-office/
https://www.halcyon.ai/blog/cloak-ransomware-variant-exhibits-advanced-persistence-evasion-and-vhd-extraction-capabilities
https://www.sentinelone.com/blog/threat-actor-interplay-good-days-victim-portals-and-their-ties-to-cloak/
https://www.cyberint.com/blog/other/cloak-ransomware-whos-behind-the-cloak/
Ransom notes3
Urls1
Url
Status
Screen
Uptime 30d
Health
http://cloak7jpvcb73rtx2ff7kaw2kholu7bdiivxpzbhlny4ybz75dpxckqd.onion Down Screen
67%
File servers34
Url
Status
Screen
Uptime 30d
Health
http://jpef6snenchj3rxgugsozky3i34q66vmcoqy7neyu37xxiwxrad5doid.onion Down
http://glrw7ip5gz2fv2njbiqfvg5uiwavllw5zuixko4yrpj5hta7fjwqpjqd.onion Up Screen
33%
http://vicjwr6abknvcfjomocyb3koloidahc3hidwt5sq2ytwk7yepwfzlsid.onion Down Screen
67%
http://puzhh5aykks65qneqantprbqjt6k5bnigmwqwv6yvkxvkfu4ivva5mid.onion Down Screen
0%
http://piatupks5hai3oafo66xlj2eg2fbzjqy2j7gy3nyhqmnthlrwvrsolad.onion Down Screen
0%
http://necnstpnzuaovjocmiuv7ned7bstczit3kkvotqxl53xo5rfohndlvid.onion Up Screen
0%
http://ey2eak3vq5zbeu4s56m25mm4kvszy2is7gyjs6tsfzmhptbyijkzn2yd.onion Up Screen
67%
http://b53cqorlo7uftd3ymxguwnn7rfoz54ryoojjqxowdsaw2bahvuppntyd.onion Up Screen
0%
http://l3bbtg2p2gp2x43e2nngzkf7ab52k4mef3saowrl6m5notkts7p2vfyd.onion Down Screen
0%
http://vsdp5gqwrunytxw4f6dbxznux66aaewlwyenw3rantba4lwyzbckgfid.onion Up Screen
0%
http://a6gq22ngckken4xksz5ytl66sqeylh45ktke5pnbzfdksw5sfum5lvqd.onion Down Screen
33%
http://nbfxtlikrnicuht5yvvhlujpnh3spzjmek6eujeyck2ws34yytxjdhyd.onion Down Screen
67%
http://ziburuf5kh4phq5i6nmukpke7uruflhlvfexfmjwiwgghapz6ug3ajyd.onion Down Screen
33%
http://am3mzzguimx45wxywpukvwf3gobt3r4bidxzntjpsmqqge4s3vi2vvid.onion Down Screen
33%
http://occwme3xtlnzk3nlhn5ewsgodswrp6pysmmk7kcxqgj4hyiwkhoqcuyd.onion Down Screen
67%
http://qyywpuxysuur4exynwwwhu6nbd2f5vpj3h4tjbltfhwd4blamd4fppqd.onion Down Screen
33%
http://hsn2e745m36crxj2gmnrp432vbsyarhwvq3fgcyus345dp3oqlrltuad.onion Up Screen
0%
http://pbbeck4xcy3jzbu6lv5db3c5n3n44wngmpb5jj3yo4px32mlznziwbid.onion Down Screen
67%
http://hmxt5u75kj5qxqjqhckgaoda6zndgxcazleersyioat4iuq3ldgmkcid.onion Up Screen
33%
http://cii64fki62v2mudocjvgarzlmnpqrfp6xb7korapmdd7qmjpnccgduyd.onion Down Screen
33%
http://jrmayo7rvsx6sbv36djpdge6iwuem67dhccpctera2ykmqr6kplhayad.onion Down Screen
33%
http://ljrswxeei4isir3s5i7xmlzpx6sabmkgd7mvjrimcqwu7rqpn7bdjfad.onion Up Screen
0%
http://qixf7fqw237ikunw4ey22jsc4deltducf6zn4mq4ldyqab3ij3gehlyd.onion Up Screen
67%
http://ztqugnw4upfmd6mu3l6sdz2mfvzxzouhwgqqowyjeedgsmz733dqq2ad.onion Up Screen
33%
http://u66kitj46wmr5onijbbkg7cq45crcs66c563kyqy6klxm5c2nz42ujid.onion Up Screen
33%
http://e7gxrudyx2o733zlernyqqv623wyky5teor5xhnnx2g6dt4vf6jwn2yd.onion Down Screen
33%
http://qx2b2on5phkj4jczfpzfkb5cuhxn7wfqbgdu27pmxyzamoim3jqff6qd.onion Down Screen
0%
http://37izr5yow5d673agew22miyy3inbqncuv7gfp5372yciuzvadqef66yd.onion Up Screen
33%
http://d2wqt4kek62s35hjeankc75nis4zn4e5i6zdtmfkyeevr7fygpf2iiid.onion Down
http://sclj2rax5ljisew3v4msecylzo7iieqw25kcl7io4szei4qcujxixaid.onion Up Screen
33%
http://xyy2fymbdytltylyuicasuvw7vw3gtgm3cvvjskh4jnzfg3gp7dqgnqd.onion Down Screen
67%
http://heac3upmfv33scnkeek64dqdx2cblv7z256aezluyvgtwsxi2o3coiid.onion/ Up Screen
33%
http://uss2a5zyeth7sop57zhgqcyafmnbkmoknps3i7anusze77zppp4bf5yd.onion/ Up Screen
33%
http://67cw3reg2revettu2xfhaaaxhoukctplr6u6mhzri5x6uflet5bq56ad.onion Down Screen
Chat servers3
Url
Status
Screen
Uptime 30d
Health
http://6mw4yczxeqoiq7rgwnpi75qxsjd5jykuutpatflybodwlckoarhfdlid.onion/ Down
http://7puvv4qtcrigzbxshqibkpibzbmrs6thb7s6uf3tisqfp3t2ddpp66id.onion/ Down
http://vir3qwnhwtdriaejfsav6fu5y5ikqlyp5ml345eenlk4pxgabqpf4iid.onion/ Down
Activity (interactive) 139
Activity charts
Posts139
Date Title Description Screen
*****.com Post screen
L********den.com Post screen
TuftsMedicine Post screen
Wstg-steuerberater.de Post screen
Tu*******ne Post screen
Go********l Post screen
*********.bh Post screen
*******roup.ro Post screen
Nos********om.br Post screen
Ws*******.de Post screen
Pensions.gov.lk Post screen
Productionsaw.com Country: USA Views: 164
**********li.com Post screen
Bosshard-farben.ch Post screen
Pe*************.lk Post screen
Orl***********.com Post screen
pea**********.uk Post screen
Pc***********.org Post screen
Oag.state.va.us
Wr-recht.de
Baltimorecityschools
Fi***************.pa
St***********.nl
ba**********.org Post screen
Waggonereng.com Post screen
op*********.eu Post screen
wr********.de Post screen
pen********.de Post screen
oa*************.us Post screen
Ad***********.ca
Centromedicoenova Country: Spain Views: 69 View more /enova Public <100GB
Premierautocredit.com Country: USA Views: 53 View more /pac Public 156GB
Kaisersbach.de Country: germany Views: 106 View more /kaiser Public <100GB
Neovita.de Country: germany Views: 88 View more /neovita Public 227GB
Bwfg.at
pre*************.com
Wa**********.com
ge*******.com
Mai***********.de
bac***********.com.au
Town of Ponoka
Kai*************.de
Ne***********.de
Fmp.gob.pe
N************.uk
Orthopaedie-hof.de
Ukh-hof.de
Donnewalddistributing
Bw**********.at
Ma************.de
Or*************.de
Uk***********.de
Globalresultspr.com
don****************.com
F************.pe
SCAFF'HOLDING Post screen
Glo**************.com Post screen
o******************v Post screen
mm********.com Post screen
Wertachkliniken.de Post screen
Pennvet.com Post screen
Ful************.com Post screen
Te***************.net Post screen
Pen*****************.com Post screen
El**********.hu Post screen
we****************.de Post screen
Kalaswire.com Post screen
Dunlop Aircraft Tyres Post screen
Vibo.dk Post screen
Hvb-ingenieure.de Post screen
Westermans.com Post screen
Stjamesplace.org Post screen
Dd*******uk Post screen
Entr**************.fr Post screen
Cb**********.com Post screen
upcli.com Post screen
Vi*********.dk Post screen
Hv*************.de Post screen
We*******.com Post screen
Ka******.com Post screen
Dun*****************uk Post screen
Longviewbridge.com Post screen
Ruland-viersen.de Post screen
P********.pl Post screen
Unit*****************.com Post screen
Mundocar.eu Post screen
lo***********.com Post screen
ab*******.org Post screen
Baeckerei-raddatz.de Post screen
Rul**********.de Post screen
cli*********.com Post screen
bae************.de Post screen
Speditionweise.de Post screen
Wencor.com Post screen
Theharriscenter.org Post screen
Mu*****.eu Post screen
Cv*****.com Post screen
Ce***.com Post screen
B*****.hu Post screen
Forgepresion.com
Ponoka.ca Post screen
Vhs-vaterstetten.de Post screen
Gascontec.com Post screen
Equatorial Energia Post screen
we****.com Post screen
The************.org Post screen
Sped**********.de Post screen
Maas911.com Post screen
farwickgrote.de Post screen
kvfcu.org Post screen
skncustoms.com Post screen
euro2000-spa.it Post screen
Thenewtrongroup.com Post screen
Bankofceylon.co.uk Post screen
carranza.on.ca Post screen
Arus-gmbh Post screen
Sportlab-srl Post screen
BONI-PASSAU.DE Post screen
lusis-avocats.com Post screen
werk33.com Post screen
GRIDINSTALLERS.com Post screen
surapon.com Post screen
mps-24.com Post screen
gruppomoba.com Post screen
stshcpa.com.tw Post screen
ihopmexico.com Post screen
Nicer technology Post screen
binhamoodah.ae Post screen
first-resources-ltd Post screen
Sbs-Berlin Post screen
imtmro.com Post screen
INCOBEC Post screen
still95.it Post screen
gsh-cargo.com Post screen
flamewarestudios.com Post screen
ALEZZELPOWER.com Post screen
Notaires.fr Post screen
Sonabhy.bf Post screen
KVFCU.ORG
Note