MidnightCrypt Active
Ransomware group first observed in 2024. Uses PowerShell Empire for deployment.
Total Victims: 2
First Seen: 2024-11-01
Last Seen: 2026-03-06
Known TTPs: 0
Avg Delay: 12.1d
Negotiations: 0
ONION URLS
rw2vz53in44qg2r5bqiejkgmrqbc7pcpr455exxldiraroquvuot2gpu.onion
TOOLS
PowerShell Empire
GMER
Certify
FILE EXTENSIONS
.pwned
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| 2026-03-06 | Diamond Services | Switzerland | Legal | Published |
| 2026-03-06 | Metro Enterprises | Canada | Healthcare | Published |
No TTPs data
No YARA rules
No IoCs
No ransom notes