New research from Trellix reports that CrazyHunter ransomware has emerged as a serious and escalating threat, underscoring the growing sophistication of modern cybercriminal operations. Trellix has tracked the malware since its first appearance, observing rapid technical evolution and increasing activity. To date, the primary targets have been healthcare organizations in Taiwan, with six confirmed victims. Technically, CrazyHunter is a fork of the Prince ransomware that surfaced in mid-2024, but it incorporates meaningful enhancements, particularly in network intrusion methods and anti-malware evasion capabilities.
“CrazyHunter, a Go-developed ransomware, employs advanced encryption and delivery methods targeted against Windows-based machines. It uses a data leak site to publicize victim information,” Aswath A, a Trellix researcher, wrote in a company blog post last week. “According to available information, the primary industry targeted by CrazyHunter ransomware is the healthcare sector, with repeated attacks on hospitals in Taiwan. This preference is likely due to the critical nature of healthcare services, where vast amounts of sensitive patient data are held by these organizations, and downtime can have severe consequences.”
Aswath added that the primary targets of the CrazyHunter ransomware have been companies in Taiwan, with six organizations known to be compromised. The attackers maintain a data leak site where they publicize information about their victims, particularly those who do not cooperate.
Read the rest of the story at Industrial Cyber.
