High | March 27, 2026

CRYPTO24 Ransomware Group Claims Attack on ActionPower Infrastructure

Emerging ransomware group CRYPTO24 has claimed responsibility for a cyberattack against ActionPower, marking their latest high-profile target. This incident represents a significant escalation in the group's operations and highlights growing concerns about industrial sector targeting.

Energy, Industrial, Critical Infrastructure, Manufacturing, Utilities

Executive Summary

The ransomware group CRYPTO24 has publicly claimed responsibility for a successful attack against ActionPower, demonstrating the group's continued focus on critical infrastructure and industrial targets. This development follows recent intelligence community observations of CRYPTO24's increasing sophistication and operational tempo in Q1 2026. The attack represents a significant concern for industrial and energy sector organizations, as ActionPower is a major player in power systems and industrial automation. Initial analysis suggests this incident could have broader implications for supply chain security and industrial control systems (ICS) environments.

Overview

On March 27, 2026, the ransomware group CRYPTO24 announced their successful compromise of ActionPower, a significant provider of power systems and industrial automation solutions. This attack represents a concerning development in the industrial sector's threat landscape and demonstrates CRYPTO24's growing capabilities in targeting critical infrastructure.

Technical Analysis

While specific technical details of the attack are still emerging, CRYPTO24's previous attacks have typically involved:

  • Initial access through exposed Remote Desktop Protocol (RDP) services or phishing campaigns
  • Lateral movement using stolen credentials and living-off-the-land techniques
  • Data exfiltration prior to encryption
  • Deployment of custom ransomware payloads targeting both IT and OT networks

Impact Assessment

The compromise of ActionPower presents several significant concerns:

  • Potential access to industrial control system configurations and specifications
  • Risk of supply chain compromises affecting ActionPower's clients
  • Possible exposure of proprietary technical documentation and customer data
  • Operational disruption to power and industrial automation systems

Recommendations

Organizations, particularly those in the industrial and energy sectors, should implement the following measures:

  • Conduct immediate asset inventory and vulnerability assessments
  • Review and restrict remote access protocols, especially RDP
  • Implement network segmentation between IT and OT environments
  • Update incident response plans to address ransomware scenarios
  • Enhance monitoring of industrial control system networks
  • Conduct backup verification and restoration testing
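
As an added illustration of the remote-access and IT/OT segmentation items above (not part of the original brief and not derived from any disclosed CRYPTO24 indicator), the Python example below triages Windows logon events for risky RDP sessions. The normalized field names, subnets, jump-host address, threshold and sample events are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed site values, constructed for this example; replace with your own.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OT_NET = ip_network("10.50.0.0/16")          # OT/ICS address range
OT_JUMP_HOSTS = {ip_address("10.40.0.10")}   # only sanctioned RDP path into OT
FAIL_THRESHOLD = 5       # failed logons that make a later success suspicious
RDP_LOGON_TYPE = 10      # Windows "RemoteInteractive" logon type

def triage_rdp(events):
    """Flag risky RDP logons in normalized Windows Security events (oldest first).

    4624 is a successful logon, 4625 a failed one; field names are hypothetical.
    """
    failures = defaultdict(int)  # (src, dst) -> failures since last success
    findings = []
    for ev in events:
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        src, dst = ip_address(ev["src_ip"]), ip_address(ev["dst_ip"])
        if ev["event_id"] == 4625:
            failures[(src, dst)] += 1
        elif ev["event_id"] == 4624:
            row = (ev["src_ip"], ev["dst_ip"], ev["user"])
            if not any(src in net for net in INTERNAL_NETS):
                findings.append(("rdp_from_internet", *row))
            if dst in OT_NET and src not in OT_NET and src not in OT_JUMP_HOSTS:
                findings.append(("rdp_into_ot_bypassing_jump_host", *row))
            if failures[(src, dst)] >= FAIL_THRESHOLD:
                findings.append(("success_after_failed_logons", *row))
            failures[(src, dst)] = 0
    return findings

def _ev(event_id, src, dst, user, logon_type=RDP_LOGON_TYPE):
    return {"event_id": event_id, "logon_type": logon_type,
            "src_ip": src, "dst_ip": dst, "user": user}

# Constructed sample events (documentation and private addresses only).
SAMPLE = [_ev(4625, "203.0.113.7", "10.20.0.5", "admin")] * 5 + [
    _ev(4624, "203.0.113.7", "10.20.0.5", "admin"),        # brute force succeeds
    _ev(4624, "10.20.0.44", "10.50.1.20", "operator"),     # IT workstation -> OT
    _ev(4624, "10.40.0.10", "10.50.1.20", "operator"),     # via jump host: allowed
    _ev(4624, "10.20.0.44", "10.20.0.5", "svc_backup", logon_type=3),  # not RDP
]

if __name__ == "__main__":
    for finding in triage_rdp(SAMPLE):
        print(finding)
```

With Network Level Authentication enabled, failed RDP logons are commonly recorded with logon type 3 rather than 10, so a production rule should also correlate those failures.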

Indicators of Compromise

As this is an emerging incident, specific IOCs have not yet been publicly disclosed. Organizations should monitor threat intelligence feeds and industry sharing platforms for updates as they become available.

Tags: ransomware, CRYPTO24, industrial systems, critical infrastructure, supply chain attack, cyber extortion, ActionPower