Honey, the skids are fighting again
Two rival ransomware groups have turned against each other in a rare cybercriminal conflict, as 0APT threatened to expose members affiliated with Krybit. The incident, first observed on dark web forums, highlights an unusual escalation in the ransomware landscape where threat actors are now targeting their own ecosystem.
According to statements published by 0APT on its leak blog, the group warned that it would reveal sensitive details of Krybit affiliates – including identity photos, names, and locations – if its demands were not met. The group also claimed it would assist victims of Krybit by offering to unlock their data, a contradictory stance for a group that is itself engaged in ransomware activities.
The move follows a familiar double-extortion strategy, with 0APT releasing a sample of allegedly stolen Krybit data as proof of compromise. The group has threatened a larger data dump if Krybit fails to respond or comply with its demands. However, unlike traditional ransomware attacks targeting enterprises, the tactic loses much of its leverage when directed at another criminal organization that operates outside legal and reputational frameworks.
Despite this, the threat still carries weight due to the high level of anonymity maintained by cybercriminal groups. Exposure of identities or operational details could significantly disrupt their activities, making such attacks potentially damaging even within illicit networks.
Early analysis of the leaked data revealed sensitive operational information linked to Krybit. Eric Taylor, owner of Barricade Cyber Solutions, confirmed that the exposed files included plaintext credentials associated with Krybit operators and affiliates, along with multiple cryptocurrency wallet addresses. Notably, there was no evidence suggesting that Krybit had successfully received ransom payments.
Krybit’s infrastructure also appears to have been impacted amid the incident. The group’s website is currently offline, replaced with a temporary message indicating that services will be restored soon and apologizing for the disruption.
0APT, a relatively new entrant in the ransomware ecosystem, emerged in January 2026 and has already drawn attention for its aggressive tactics. The group initially claimed hundreds of victims within its first days of operation, although the accuracy of these claims remains uncertain. Meanwhile, Krybit is a lesser-known entity, with limited public intelligence and only recent activity observed on underground platforms.
This incident reflects a broader trend of infighting among cybercriminal groups, where rivalries and competition over resources, affiliates, and reputation can lead to direct attacks. Such conflicts can expose internal operations and weaken the overall ransomware ecosystem, even as they introduce new unpredictability into the threat landscape.
As ransomware groups continue to evolve, this clash between 0APT and Krybit underscores a shifting dynamic – one where cybercriminals are not only targeting organizations but increasingly turning on each other in a bid for dominance and control.



