(Acronis) This ransomware family was first spotted in October 2019, but it was not very active at that time. The group behind it was independent in the beginning, but they recently joined the so-called Maze cartel – combining forces to rob individuals and companies around the world.
TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
Actor: SunCrypt Gang
Names: SunCrypt Gang
Country: [Unknown]
Motivation: Financial gain
First-seen: 2019
Description: (Acronis) This ransomware family was first spotted in October 2019, but it was not very active at that time. The group behind it was independent in the beginning, but they recently joined the so-called Maze cartel – combining forces to rob individuals and companies around the world.
Tools: SunCrypt
Tools: WARPRISM
Operations: 2020-05
Operations: MU Health Care Phishing Attack Impacts 5,000 Patients https://www.hipaajournal.com/mu-health-care-phishing-attack-impacts-5000-patients/
Operations: 2020-08
Operations: SunCrypt Ransomware shuts down North Carolina school district https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-shuts-down-north-carolina-school-district/
Operations: 2020-08
Operations: SunCrypt Ransomware sheds light on the Maze ransomware cartel https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-sheds-light-on-the-maze-ransomware-cartel/
Operations: 2020-09
Operations: University Hospital New Jersey hit by SunCrypt ransomware, data leaked https://www.bleepingcomputer.com/news/security/university-hospital-new-jersey-hit-by-suncrypt-ransomware-data-leaked/
Operations: 2020-09
Operations: Ransomware gangs add DDoS attacks to their extortion arsenal https://www.bleepingcomputer.com/news/security/ransomware-gangs-add-ddos-attacks-to-their-extortion-arsenal/
Operations: 2020-10
Operations: Ransomware gang attacks Texas unit of global steel conglomerate https://itwire.com/security/ransomware-gang-attacks-texas-unit-of-global-steel-conglomerate.html
Information: https://www.acronis.com/en-us/blog/posts/suncrypt-adopts-attacking-techniques-netwalker-and-maze-ransomware
Last-card-change: 2021-05-15
Source: https://apt.etda.or.th/cgi-bin/listtools.cgi