KRYBIT Ransomware is a new player in the Ransomware-as-a-Service (RaaS) landscape, first detected in March 2026, employing a double-extortion strategy to target organizations for financial gain. Following its launch, Krybit was involved in a notable public feud with rival operator 0APT, which led to internal data leaks and public compromises of both groups. The ransomware supports various platforms, including Windows and Linux, and operates a structured affiliate program.
As of April 2026, Krybit had reportedly negotiated with 20 victims, with ransom demands ranging from $40,000 to $100,000. The group's operational tactics indicate broad targeting without specific sector focus, spanning 43 countries. Despite its young age, Krybit shows operational resilience, continuing to claim new victims despite past disruptions.