SUNCRYPT
SunCrypt is a ransomware family active since at least the end of 2019.
Profile source: Mallory opens in a new tabSUNCRYPT
Family profile
SunCrypt is a ransomware family active since at least the end of 2019. It operated a data leak site launched in August 2020 and is associated with double-extortion activity, with reporting also describing its use in triple extortion. In October 2020, SunCrypt operators or an affiliate used distributed denial-of-service (DDoS) attacks against a victim when ransom negotiations stalled, using the disruption to pressure payment. SunCrypt has been referenced alongside other major ransomware strains in affiliate ecosystems, including reporting that a Conti affiliate later worked with SunCrypt, Monti, and LockBit strains. Mandiant observed the PowerShell dropper WARPRISM delivering SUNCRYPT, Cobalt Strike BEACON, and MIMIKATZ, with payloads loaded directly into memory to evade endpoint detection; Mandiant also noted WARPRISM may be used by multiple groups. SunCrypt appeared among notable ransomware variants in Q3 2021 with 2.5% market share. High-confidence details in the provided content identify SunCrypt primarily as a ransomware operation known for data-leak extortion and for using DDoS as an additional coercive tactic.
Ransomware.live
Operational record
MITRE ATT&CK
SUNCRYPT in ATT&CK
2 distinct techniquesReporting
Research mentioning SUNCRYPT
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat | Mandiant | Google Cloud Blog
WARPRISM is a PowerShell dropper that has been observed by Mandiant delivering SUNCRYPT...
Understanding the Ransomware Ecosystem | by Efstratios Lontzetidis | Medium
In October 2020, a SunCrypt ransomware affiliate bombarded a victim with distributed denial-of-service (DDoS) attacks when payment negotiations stalled.
Ransomware Revenue Down As More Victims Refuse to Pay - Chainalysis
...a Conti affiliate who began working with the Suncrypt, Monti, and Lockbit strains.
Ransomware Diaries: Volume 1 | Analyst1
You see, SunCrypt, another ransomware gang, used the DDoS tactic as a form of extortion back in 2020...
Aggressive BlackCat Ransomware on the Rise
...triple extortion, a tactic that was observed being used by groups like Avaddon and Suncrypt in the past.
BlackCat ransomware targeting US, European retail, construction and transportation orgs | ZDNET
"...triple extortion, a tactic that was observed being used by groups like Avaddon and Suncrypt in the past"
Ransomware attackers down shift to 'Mid-Game' hunting in Q3 2021
Suncrypt was new in the top variants in Q3 2021, with 2.5% market share.
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
WARPRISM is a PowerShell dropper that has been observed by Mandiant delivering SUNCRYPT, BEACON, and MIMIKATZ.