SunCrypt Ransomware is a ransomware variant working with Maze threat actors. Based on threat intelligence about two months ago, Maze established a cartel of ransomware operations for knowledge sharing of techniques to aide one another in extorting victims.

SunCrypt has been around since October 2019 but has begun to merge into environments within the last few weeks. They claim to be independent of the Maze ransomware operation but have “two-way communication channels with them.” SunCrypt is responsible for taking off some of the workload for Maze due to such a high volume of opportunity in the industry right now. 

If a ransomware operation is successful, both Maze and SunCrypt are compensated. Twitter account, @GrujaRS releases a conversation between the SunCrypt threat actors and one if its victims. @GrujaRS also discloses the five organizations hit by SunCrypt Ransomware.

A screenshot of a Tweet with 4 images attached outlining a conversation with the ransomware operator 

A conversation with the SunCrypt ransomware operator 

The conversation above demonstrates how exhausted the victim is in trying to understand which ransomware strain has compromised their environment. This back and forth conversation is chilling and eyeopening. It gives an exact look and feel of what to expect and what circumstances victims face when under attack. 

Twitter account, @ransomleaks, reveals one of the five organization’s information.

A Tweet exposing an Oklahoma-based company’s information

A detailed image from the above Tweet about the Oklahoma-based company 

As seen above, three clients, Studio Architecture P.C., and FPI Management all have information exposed once “Read more” is clicked on. A preview of the data size is given to comprehend the scope of the attack. 

For more details on SunCrypt, read here

SpearTip is constantly watching for new malware and manipulative programs. Our 24/7 Security Operations Center (SOC) is fully staffed with cybersecurity professionals to monitor and protect your environment. Not only are our cybersecurity teammates continuously preventing cyberattacks, but also able to deploy our proprietary tool, ShadowSpear® in an environment before or after an attack.

Outmaneuver your adversary. has more information on why we do what we do or email [email protected] to speak with a cybersecurity engineer.

24/7 Breach Response: 833.997.7327