Skip to content
Ransomware group

CRPxO

CRPxO is a ransomware threat actor observed conducting extortion activity against healthcare-related organizations, including dental and biopharmaceutical entities.

Profile source: Mallory opens in a new tab

CRPxO

Family profile

CRPxO is a ransomware threat actor observed conducting extortion activity against healthcare-related organizations, including dental and biopharmaceutical entities. Reported victims include multiple U.S.-based dental practices and at least one China-based biopharmaceutical company, indicating a focus on medical and healthcare-adjacent targets with some cross-border reach.

Available reporting places CRPxO among active ransomware groups in mid-2026, with multiple claimed victims appearing within a short time window. The group has been associated with ransomware incidents that also involve alleged data theft and leak claims, consistent with double-extortion operations in which encryption is paired with exfiltration and public pressure on victims.

Observed victimology suggests an emphasis on comparatively small to mid-sized healthcare organizations, particularly dentistry practices, though current information is limited and does not establish the full scope of targeting, tooling, initial access methods, or malware lineage. No high-confidence public attribution to a nation state, specific country of origin, or broader ransomware cartel affiliation is currently available. No corroborated sub-groups or widely used aliases beyond CRPxO are currently established in the available information.

Ransomware.live

Operational record

View group record β†—

Ransomware.live

Recent claims

All published claims β†—

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.