Ransomware.live: crosslock

CrossLock is a short-lived Go-based ransomware group that appeared in April 2023 and went dark by July 2023, using Curve25519 and ChaCha20 encryption and double-extortion tactics with only one known confirmed victim in the IT sector in Brazil.

Victims

First Discovered

2023-04-17

victim

Last Discovered

2023-04-17

victim

Inactive Since

3yrs

more than

Avg Delay

N/A

attack→claim

Infostealer

100.0%

victims with domain

Countries

hit

Known Locations (1)

Favicon	Title	Type	Available	Last Visit	Server Info	FQDN
	Cross Lock - Data leak		No	2026-04-28T07:23:21		`crosslock5cwfljbw4v37zuzq4talxxhyavjm2lufmjwgbpfjdsh56yd.onion`

Target

Top 5 Activity Sectors

Agriculture and Food Production 1

Top 5 Countries

Brazil 1

Heatmap

TTPs Matrix (6)

This information is provided by Crocodyli & Ransomware.live
Execution	Privilege Escalation	Defense Evasion	Discovery	Lateral Movement	Impact
Command and Scripting Interpreter	Abuse Elevation Control Mechanism	Process Injection	System Service Discovery	Remote Services	Data Encrypted for Impact
		Indicator Removal	Process Discovery		Inhibit System Recovery
			File and Directory Discovery

YARA Rules (1)

Victims (1)

validcertificadora.com.br

Crosslock

Discovered: 2023-04-17 (3y ago)

VALID Certificadora Digital Ltda is a company that operates in the Farming industry. It employs 501-…