CryLock is a ransomware family also referred to in the provided content as Cryakl after a reported rebrand. The content states it has operated since roughly 2014/2015 and identifies it as one of the ransomware families whose leaked source code and builders contributed to the creation of later variants. High-confidence reporting in the content links CryLock to a Russian developer who was sentenced by the Brussels criminal court to seven years in prison for developing the malware and leading its deployment on thousands of computers. A female co-conspirator was also reportedly sentenced to five years for advertising the ransomware and negotiating with victims. The content further notes that Belgian authorities detained the pair in Spain in 2023 and extradited them to Belgium, and that law enforcement seized more than €60 million in cryptocurrency tied to proceeds from the CryLock operation. Beyond its classification as ransomware and its large-scale deployment, the provided content does not include specific technical details on encryption behavior, infection vectors, targeted sectors, platforms, or indicators of compromise.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
1 distinct technique documented for this family, organized by ATT&CK tactic.
6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Ransomware family cited as a source of leaked code/builders used to create new variants.
Ransomware family operated as an early ransomware-as-a-service (RaaS) model; article references operators, victim scale, and criminal proceeds.
Ransomware family referenced in the context of law-enforcement action against its developer for large-scale deployment and extortion activity.
Ransomware used to infect large numbers of users and extort victims by encrypting data; developers/affiliates were prosecuted in Belgium.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.