Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks
Trend Micro, Thursday, August 14th, 2025
Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies.
In this blog entry, we analyze the Crypto24 ransomware to offer insights into its operator's ongoing attack campaigns. Our analysis reveals that the threat actor operates with a high level of coordination, frequently launching attacks during off-peak hours to evade detection and maximize impact.
Crypto24 has been targeting high-profile entities within large corporations and enterprise-level organizations. The scale and sophistication of recent attacks indicate a deliberate focus on organizations possessing substantial operational and financial assets. The group has concentrated its efforts on organizations in Asia, Europe, and the USA, with targets spanning the financial services, manufacturing, entertainment, and technology sectors.