Crypto24


Known to be a RaaS

Description

Also known as: Public Data Storage
Crypto24 emerged in early 2025 as a fast-growing double-extortion ransomware-as-a-service (RaaS) group. It targets organizations across industries such as financial services, healthcare, logistics, and technology, with notable victims in Malaysia, Colombia, Egypt, and India. The group infiltrates networks rapidly, often leveraging stolen credentials, encrypts files (appending the .crypto24 extension), and exfiltrates significant volumes of data (e.g., 2 TB from Vietnam's CMC Group). Its presence on RAMP forums indicates an affiliate-oriented operation and suggests professional recruitment, and it offers free decryption of small file samples to entice victims.

External Analysis
https://exchange.xforce.ibmcloud.com/threats/guid%3Afa7cb7e2ed554da0b7413eca362ed8f8
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/crypto24
https://www.sangfor.com/blog/cybersecurity/vietnam-cmc-group-ransomware-attack-anatomy-asian-cyber-shock
https://www.cyfirma.com/research/tracking-ransomware-april-2025
Mail
crypto24support@pm.me
noreply@crypto24lab.com
Session
05627a685204cef278f7c6d90cb8cb0e213bc58e858e9602faffd5c22f1024af79
Urls
http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion/
http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion:5050/data
File servers
Chat servers
Admin servers

Posts

| Date | Title | Description |
|---|---|---|
| 2025-08-18 | Palmgold Management Sdn Bhd | |
| 2025-08-16 | CMS Legal Services EEIG | |
| 2025-08-15 | Karndean International, LLC | |
| 2025-08-12 | Kar *** | |
| 2025-07-22 | SOUBEIRAN CHOBET S.R.L. | |
| 2025-07-20 | TransCore ITS, LLC | |
| 2025-07-17 | Sou *** | |
| 2025-07-16 | Tra *** | |
| 2025-07-16 | Larimart S.P.A | |
| 2025-07-14 | Lar *** | |
| 2025-07-10 | Warisan TC Holdings Berhad | We have exfiltrated over 300GB of sensitive data, including Customer databases (all dbs of wtc - TOURPLAN, CRM, E-INVOICE,...), Legal and HR documents, Financial and employee records, Contractual documents with partners and customers. |
| 2025-07-10 | Tan Chong Motor Holdings Berhad | Data Size: 300GB We have exfiltrated over 300GB of sensitive data, including Customer databases (all dbs of tanchong - NAV, BRASSTAX, VTS, CRM, E-INVOICE,...), Legal and HR documents, Financial and employee records, Contractual documents with partners and customers. |
| 2025-07-10 | A-Qroup Sığorta Şirkəti | Data Size: 730GB The entire InsureAZ database has been leaked — including real insurance documents and all related materials such as medical, auto, and internal corporate records. |
| 2025-07-10 | Artemis Healthcare, Inc | 1TB It contains sensitive personal data, including medical records, official documents, and imaging files of millions of patients, as well as various databases. |
| 2025-07-10 | Sagence AI | Data Size: 2.4TB This leak contains the full TSMC 5nm and 7nm Process Design Kits, UMC 40ULP PDK and FDK, along with confidential AI-related project data from internal R&D, including simulation models, layout files, hardware accelerator designs, and proprietary training architectures, all sourced directly from foundry servers. |
| 2025-06-05 | Tien Tuan Pharmaceutical Machinery Co. Ltd | |
| 2025-06-05 | FORTÉ | |
| 2025-05-29 | Choice AG | |
| 2025-05-28 | Elite Advanced Laser Corporation ( Elaser ) | |
| 2025-05-28 | Elaser | |
| 2025-04-23 | N8XT | |
| 2025-04-12 | CMC Corperation | 2 TB data including Token Data, Database Data, Website Data, ... from MariaDB, MongoDB and RARS-DB etc ... in DataCenter. |
| 2025-04-11 | ModulusGroup,Ludi-SFM | casino customer info, db, ERP data, casino system projects source code and so on. |
| 2025-04-08 | Iris Neofinanciera | iris.com.co 1TB Colombia |
| 2025-04-08 | International Busines Service | ibsns.com 2GB Egypt |
| 2025-04-08 | technoforte software pvt ltd | Technoforte.co.in 30GB India |
| 2025-04-08 | Mochtar Karuwin Komar: Indonesian law firm - MKK | mkklaw.net 700GB Indonesia |
| 2025-04-08 | Taxplan | taxplann.ca 856.4GB Canada |