No honor among thieves as 0APT threatens rival ransomware gang Krybit

The spat

It has been reported that two fledgling ransomware crews have turned on each other after 0APT threatened to out members of rival gang Krybit and demand payment. 0APT allegedly posted a sample of what it said were Krybit files, warning that unless the group paid up it would publish names, photos, locations and other identifying data. What happens when the extortionists get extorted? The move reads like theater — dramatic, hypocritical and a little bit delicious.

The leak and what it contained

Security researchers who downloaded the posted sample say it contained plaintext credentials, five crypto‑wallet addresses and no sign of any paid ransoms, according to Eric Taylor of South Carolina’s Barricade Cyber Solutions. Krybit’s site is currently down, replaced by a splash page promising service will “return to work shortly,” it has been reported. 0APT, which only emerged in January and has been described by Halcyon’s ransomware research centre as showing “credible technical depth,” also posted hundreds of alleged victims in its first 48 hours — a list Halcyon says likely includes exaggerations.

Why it matters

On the face of it, the stunt is almost toothless: reputational harm is the core lever of double‑extortion, and criminals have, by definition, little reputation to lose. That said, anonymity is everything in this underworld, and the threat of doxxing still bites. Infighting like this is not unprecedented — DragonForce’s attacks on rival gangs in 2025 proved that criminal turf wars can turn vicious and public — but it’s a reminder that the ransomware ecosystem is fractious, unstable and sometimes self‑sabotaging. No honor among thieves? Apparently not.

Sources: The Register