Crylock
Known to be a RaaS
Description
CryLock is a ransomware variant that emerged around April 2020, evolving from the Cryakl (Fantomas) ransomware family. It follows a semi-affiliate model, offering customizable options for partners—such as variable encryption routines, network scanning for lateral movement, shadow copy deletion, and process termination—and flexible delivery methods. During encryption, CryLock renames files to include the developer email, a unique victim ID, and a randomized three-letter extension. Victims typically encounter a countdown timer in a pop-up ransom message that warns about escalating ransom costs and potential loss of decryption capabilities.
| External Analysis |
| https://www.pcrisk.com/removal-guides/16814-crylock-ransomware |
| https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.crylock.h |
| https://www.alartindex.com |
| https://www.singleton.com/blog/describing-crylock-ransomware |
| https://www.watchguard.com/ |
| Mail |
| grand@horsef***er.org |
| flydragon@mailfence.com |
| tomascry@protonmail.co |
| Telegram |
| @assist_decoder |
| @Fileraptor |
| @Helpdecrypt |
| Urls |
Screen |
| http://d57uremugxjrafyg.onion |
|