CryptNet is a financially motivated ransomware-as-a-service (RaaS) operation that emerged in April 2023, advertised on Russian-language underground forums. The group's primary motivation is financial gain through double extortion tactics, combining data encryption with data exfiltration and public shaming on a Tor-based leak site. CryptNet distinguishes itself by offering a high 90 percent profit share to its affiliates, a notable incentive in the RaaS market. The group's ransomware variant is written in the .NET programming language and is closely related to the Chaos ransomware family, particularly the Yashma variant, suggesting it may be a rebrand or evolution of existing ransomware code, streamlined for improved encryption performance. The group is assessed with high confidence to be of Russian origin, indicated by its advertisement on Russian dark web forums where targeting Russia is typically prohibited.

URLs nuevas detectadas en IntelTracker