Cryakl
Description
Also known as “Fantomas”.
Cryakl first appeared in 2014, spreading primarily across Eastern Europe and Russia via phishing emails with malicious attachments. It uses an asymmetric RSA-based encryption scheme and embeds victim-specific IDs and contact emails in filenames and ransom notes. The ransomware operates under a RaaS-like model, distributing builds to affiliates for broader dissemination. In 2018, Belgian law enforcement seized Cryakl’s command-and-control infrastructure and recovered decryption keys, enabling victims to restore files via free tools like Kaspersky’s RakhniDecryptor and the NoMoreRansom project.
External Analysis
https://www.pcrisk.com/removal-guides/11220-cryakl-ransomware
https://securelist.com/the-return-of-fantomas-or-how-we-deciphered-cryakl/86511
https://www.bleepingcomputer.com/news/security/free-decryption-tool-released-for-cryakl-ransomware/
https://www.digital.nhs.uk/cyber-alerts/2018/cc-2542
Mail
ivanivanov34@aol.com
abu.khan@india.com
cryptedencoder@aol.com