CRYPTO24 Ransomware Group Claims New Corporate Target ActionPower
High | March 27, 2026


Emerging ransomware group CRYPTO24 has claimed responsibility for a cyberattack against ActionPower, indicating potential data theft and system encryption. This development signals increased activity from the threat actor in the industrial sector.

Industrial, Energy, Manufacturing, Critical Infrastructure

Executive Summary

On March 27, 2026, security researchers identified new claims by the ransomware group CRYPTO24 regarding a successful attack against ActionPower, demonstrating the group's continued focus on industrial and energy sector targets. The attack potentially involves both data theft and system encryption, following the double extortion model common among contemporary ransomware operations. This incident represents a significant development in CRYPTO24's operational pattern, as it marks their first publicly claimed attack against a major industrial infrastructure provider in 2026. The timing and target selection suggest a strategic shift in the group's targeting methodology, potentially indicating a broader campaign against critical infrastructure sectors.

Key Findings
  • On March 27, 2026, security researchers identified new claims by the ransomware group CRYPTO24 regarding a successful attack against ActionPower, demonstrating the group's continued focus on industrial and energy sector targets
  • The attack potentially involves both data theft and system encryption, following the double extortion model common among contemporary ransomware operations
  • This incident represents a significant development in CRYPTO24's operational pattern, as it marks their first publicly claimed attack against a major industrial infrastructure provider in 2026
  • The timing and target selection suggest a strategic shift in the group's targeting methodology, potentially indicating a broader campaign against critical infrastructure sectors

Overview

The ransomware group CRYPTO24 has publicly claimed responsibility for a cyberattack against ActionPower, representing a significant threat to industrial and energy sector organizations. This development was first observed on March 27, 2026, through multiple threat intelligence channels.

Technical Analysis

While specific technical details of the attack vector remain under investigation, CRYPTO24's typical tactics, techniques, and procedures (TTPs) include:

  • Initial access through phishing campaigns or exposed RDP services
  • Lateral movement using stolen credentials
  • Data exfiltration prior to encryption
  • Deployment of custom ransomware payloads

Impact Assessment

The attack potentially impacts multiple sectors:

  • Direct impact on industrial control systems and operations
  • Supply chain implications for energy sector dependencies
  • Potential exposure of sensitive corporate and operational data

Recommendations

Organizations should implement the following protective measures:

  • Conduct immediate threat hunting activities focusing on CRYPTO24's known TTPs
  • Review and restrict remote access services, especially RDP exposure
  • Implement network segmentation for critical industrial control systems
  • Enhance backup solutions and test recovery procedures
  • Deploy multi-factor authentication across all remote access points
  • Update incident response plans to address ransomware scenarios

Indicators of Compromise

While specific IoCs for this incident are still emerging, organizations should monitor for:

  • Suspicious RDP connection attempts
  • Unusual data transfer patterns
  • Anomalous privileged account activities
  • Unexpected system encryption events
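
As a starting point for the "suspicious RDP connection attempts" hunt listed above, the following added example (not part of the original brief and not derived from CRYPTO24-specific indicators) flags sources that produce a burst of failed RDP-type logons and then a successful one. The event records are constructed samples shaped like Windows Security log fields (event IDs 4625 and 4624); the internal ranges, the threshold of 5 failures and the 10-minute window are assumptions to tune per environment.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed site ranges; anything outside them is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# 10 = RemoteInteractive; 3 = Network (how NLA-fronted RDP failures are commonly logged, also covers SMB)
RDP_LOGON_TYPES = {3, 10}
FAILED, SUCCESS = 4625, 4624  # Windows Security log event IDs

def ev(time, event_id, logon_type, src_ip, user):
    return {"time": time, "event_id": event_id, "logon_type": logon_type, "src_ip": src_ip, "user": user}

# Constructed sample records (not from any real incident).
SAMPLE_EVENTS = (
    [ev(f"2026-01-05T02:1{i}:00", FAILED, 3, "203.0.113.7", "administrator") for i in range(6)]
    + [ev("2026-01-05T02:17:30", SUCCESS, 10, "203.0.113.7", "administrator"),
       ev("2026-01-05T08:01:00", FAILED, 10, "10.20.0.15", "jsmith"),    # single typo, internal
       ev("2026-01-05T08:01:40", SUCCESS, 10, "10.20.0.15", "jsmith"),
       ev("2026-01-05T08:05:00", FAILED, 2, "203.0.113.7", "operator"),  # console logon, ignored
       ev("2026-01-05T08:06:00", FAILED, 3, "-", "guest")]               # no source address
)

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def hunt_rdp(events, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold failed RDP-type logons inside the window,
    and record accounts that logged on successfully from them right after."""
    failures, findings = defaultdict(list), {}
    for e in sorted(events, key=lambda e: e["time"]):
        src = e["src_ip"]
        if e["logon_type"] not in RDP_LOGON_TYPES or src in ("", "-"):
            continue
        ts = datetime.fromisoformat(e["time"])
        if e["event_id"] == FAILED:
            # Keep only failures still inside the sliding window, then add this one.
            failures[src] = [t for t in failures[src] if ts - t <= window] + [ts]
            if len(failures[src]) >= threshold:
                f = findings.setdefault(src, {"src_ip": src, "external": is_external(src),
                                              "max_failures": 0, "success_after_failures": []})
                f["max_failures"] = max(f["max_failures"], len(failures[src]))
        elif e["event_id"] == SUCCESS and src in findings:
            if ts - failures[src][-1] <= window and e["user"] not in findings[src]["success_after_failures"]:
                findings[src]["success_after_failures"].append(e["user"])
    return list(findings.values())

if __name__ == "__main__":
    for finding in hunt_rdp(SAMPLE_EVENTS):
        print(finding)
```

A finding with a non-empty success_after_failures list from an external source is the case to escalate first, since it pairs exposed RDP with a likely guessed or stolen credential.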