crynox

ransomware group

Crynox (sometimes referred to as “Crynox Ransomware”) appears to be a generic file-locker threat that appends .crynox to encrypted files and drops a ransom note (read_it.txt) instructing victims to contact crynoxWARE@proton.me. It seems to use RSA-4096 and AES for encryption and may change desktop wallpaper, but there's no evidence of double-extortion or leak site operation. Distribution methods cited include phishing, pirated software, and malicious websites.

Victims

records

First Discovered

—

victim

Last Discovered

Apr 13, 2026

victim

Inactive Since

—

Countries

hit

Group Activity

Last 12 months

Jun

2025

Jul

2025

Aug

2025

Sep

2025

Oct

2025

Nov

2025

Dec

2025

Jan

2026

Feb

2026

Mar

2026

Apr

2026

May

2026

Victims (0)

No victims recorded

Infrastructure

No sites tracked