Crynox
Description
Crynox (sometimes referred to as “Crynox Ransomware”) appears to be a generic file-locker threat that appends .crynox to encrypted files and drops a ransom note (read_it.txt) instructing victims to contact crynoxWARE@proton.me. It seems to use RSA-4096 and AES for encryption and may change desktop wallpaper, but there's no evidence of double-extortion or leak site operation. Distribution methods cited include phishing, pirated software, and malicious websites.
External Analysis |
https://www.pcrisk.com/removal-guides/27862-ciphbit-ransomware |
https://sensorstechforum.com/crynox-ransomware/ |
https://www.pcrisk.com/removal-guides/31766-crynox-ransomware |
https://www.cyclonis.com/remove-crynox-ransomware/ |
Mail |
crynoxWARE@proton.me |