Skip to content
Ransomware group

CryLock

CryLock is a ransomware family also referred to in the provided content as Cryakl after a reported rebrand.

Profile source: Mallory opens in a new tab

CryLock

Family profile

CryLock is a ransomware family also referred to in the provided content as Cryakl after a reported rebrand. The content states it has operated since roughly 2014/2015 and identifies it as one of the ransomware families whose leaked source code and builders contributed to the creation of later variants. High-confidence reporting in the content links CryLock to a Russian developer who was sentenced by the Brussels criminal court to seven years in prison for developing the malware and leading its deployment on thousands of computers. A female co-conspirator was also reportedly sentenced to five years for advertising the ransomware and negotiating with victims. The content further notes that Belgian authorities detained the pair in Spain in 2023 and extradited them to Belgium, and that law enforcement seized more than €60 million in cryptocurrency tied to proceeds from the CryLock operation. Beyond its classification as ransomware and its large-scale deployment, the provided content does not include specific technical details on encryption behavior, infection vectors, targeted sectors, platforms, or indicators of compromise.

Ransomware.live

Operational record

View group record ↗

MITRE ATT&CK

CryLock in ATT&CK

1 distinct techniques

Reporting

Research mentioning CryLock

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.