Crynox

Description

Crynox (sometimes referred to as “Crynox Ransomware”) appears to be a generic file-locker threat that appends .crynox to encrypted files and drops a ransom note (read_it.txt) instructing victims to contact crynoxWARE@proton.me. It seems to use RSA-4096 and AES for encryption and may change desktop wallpaper, but there's no evidence of double-extortion or leak site operation. Distribution methods cited include phishing, pirated software, and malicious websites.

External Analysis
https://www.pcrisk.com/removal-guides/27862-ciphbit-ransomware
https://sensorstechforum.com/crynox-ransomware/
https://www.pcrisk.com/removal-guides/31766-crynox-ransomware
https://www.cyclonis.com/remove-crynox-ransomware/
Mail
crynoxWARE@proton.me
Urls
Screen
File servers
Screen
Chat servers
Screen
Admin servers
Screen