Skip to content
Ransomware group

Cry0

cry0 is identified in the provided content as a ransomware group.

Profile source: Mallory opens in a new tab

Cry0

Family profile

cry0 is identified in the provided content as a ransomware group. The content states that cry0 reportedly sponsored a $10,000 dark web article contest announced on the TierOne forum, with prizes for technical writeups focused on vulnerability exploitation. Eligible topics included advanced offensive security subjects such as remote code execution, command injection, IDOR, SSTI, insecure deserialization, firmware attacks, zero-day discovery, AI-assisted vulnerability research, AV/EDR bypass, and RPC exploitation. The content also references cry0 engaging on the T1erOne forum, a closed underground forum that emerged in early February 2026 after the seizure of RAMP and that openly permits ransomware activity. At the time of writing, the content states that cry0 had not publicly referenced T1erOne on its known communication channels. No additional aliases, sub-groups, victimology, or nation-state attribution are provided in the content.

Ransomware.live

Operational record

View group record ↗

Ransomware.live

Published indicators

Full source record ↗

Tox

1 total
  • 54E9450799AFBBA90992E3C40F552C8C05D5765144396C6A1A622FD9DABD01101F9DC0CF90F4

Ip

1 total
  • 45.227.253.59:3111

Ransomware.live

Recent claims

All published claims ↗

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.