216.73.217.139

CrazyHunter: The Rising Threat of Open-Source Ransomware

· Published 08/04/2025 10:30 · Modified 08/04/2025 11:53

Export JSON

Essential information

Published
08/04/2025 10:30
Modified
08/04/2025 11:53
Tags
2025-04-08 crazyhunter prince ransomware ransomware
Related entities
10 observables, 1 intrusion sets (apt), 4 techniques (mitre), 2 malware, 2 others

Description

A attack on Mackay Memorial Hospital in Taiwan highlights the growing use of publicly available offensive tools by threat actors. The , built using the builder from GitHub, encrypted over 600 devices across two hospital branches. The attack, likely initiated via a USB device, employed various tools for defense evasion, encryption, and lateral movement. The threat actor used a vulnerable Zemana driver to disable security products, utilized the builder for file encryption, and leveraged SharpGPOAbuse for lateral movement. The incident demonstrates the increasing accessibility of cyber attack tools, enabling even less skilled actors to launch sophisticated attacks. This trend poses significant challenges for attribution and defense against threats.

External references