socradar.io 7/13/2026, 12:33:49 PM · external

Krybit Ransomware Sparks Double Extortion Threats in 43 Countries

Krybit Ransomware Sparks Double Extortion Threats in 43 Countries
CyberSIXT Evidence Panel
Primary Source barricadecyber.com
Threat Actor

KRYBIT Ransomware is a new player in the Ransomware-as-a-Service (RaaS) landscape, first detected in March 2026, employing a double-extortion strategy to target organizations for financial gain. Following its launch, Krybit was involved in a notable public feud with rival operator 0APT, which led to internal data leaks and public compromises of both groups. The ransomware supports various platforms, including Windows and Linux, and operates a structured affiliate program.

As of April 2026, Krybit had reportedly negotiated with 20 victims, with ransom demands ranging from $40,000 to $100,000. The group's operational tactics indicate broad targeting without specific sector focus, spanning 43 countries. Despite its young age, Krybit shows operational resilience, continuing to claim new victims despite past disruptions.

View Primary Source Via socradar.io

Article by CyberSIXT