THREATNOIR
Subscribe
Back to Feed
RansomwareApr 3, 2026

‼️ New Ransomware Group: Krybit krybitxdpxohsmjooeb3gbgpmdddreh6mnflzac6bnezz74b7yje67yd[.]onion...

New ransomware group Krybit emerges with Tor-based infrastructure.

Read at source

Summary

A previously unknown ransomware group named Krybit has been identified operating multiple Tor-based onion sites, likely used for victim data exfiltration and ransom negotiations. The group has registered at least three distinct .onion domains associated with their infrastructure. This represents an emerging threat in the ransomware-as-a-service ecosystem.

Indicators of Compromise

  • domain — krybitxdpxohsmjooeb3gbgpmdddreh6mnflzac6bnezz74b7yje67yd.onion
  • domain — krybitx3fh5krdnhegyp2ob3lhizsaiadturtio3ginf7it5gsdgu2yd.onion
  • domain — krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion

Entities

Krybit (threat_actor)