Crystal Rans0m: Hybrid ransomware with stealer capabilities

released on 2024-10-21 @ 11:04:20 AM
Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data-stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It uses Discord webhooks for exfiltration and Salsa20 for file encryption. The ransom note demands payment in Monero and provides a Session ID for communication. Crystal Rans0m employs anti-VM and anti-debugging techniques. Recent samples suggest it may be modular, allowing attackers to choose specific components. Although it was initially seen targeting Italy and Russia, its motivation appears to be financial gain, with no specific geographic or industry focus.