Crystal Rans0m: Hybrid ransomware with stealer capabilities

NetmanageIT OpenCTI


Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data-stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It uses Discord webhooks for exfiltration and Salsa20 for file encryption. The ransom note demands payment in Monero and provides a Session ID for communication. Crystal Rans0m employs anti-VM and anti-debugging techniques. Recent samples suggest it may be modular, allowing attackers to choose specific components. Although it was initially seen targeting Italy and Russia, its motivation appears to be financial gain without specific geographic or industry focus.


Tags: stealer, rust, discord, monero, anti-vm, hybrid ransomware, crystal rans0m, session
