CRPxO
CRPxO is a ransomware threat actor observed conducting extortion activity against healthcare-related organizations, including dental and biopharmaceutical entities.
Profile source: Mallory opens in a new tabCRPxO
Family profile
CRPxO is a ransomware threat actor observed conducting extortion activity against healthcare-related organizations, including dental and biopharmaceutical entities. Reported victims include multiple U.S.-based dental practices and at least one China-based biopharmaceutical company, indicating a focus on medical and healthcare-adjacent targets with some cross-border reach.
Available reporting places CRPxO among active ransomware groups in mid-2026, with multiple claimed victims appearing within a short time window. The group has been associated with ransomware incidents that also involve alleged data theft and leak claims, consistent with double-extortion operations in which encryption is paired with exfiltration and public pressure on victims.
Observed victimology suggests an emphasis on comparatively small to mid-sized healthcare organizations, particularly dentistry practices, though current information is limited and does not establish the full scope of targeting, tooling, initial access methods, or malware lineage. No high-confidence public attribution to a nation state, specific country of origin, or broader ransomware cartel affiliation is currently available. No corroborated sub-groups or widely used aliases beyond CRPxO are currently established in the available information.
Ransomware.live
Operational record
Ransomware.live