0APT Ransomware Gang Extorts Rival Krybit Amid Doxxing Threat

Severity: Low (Score: 36.9)

Sources: Theregister

Summary

The 0APT ransomware gang has threatened to expose the identities of individuals affiliated with rival gang Krybit. This unusual move was detected by dark web watchers on April 10, 2026, and follows 0APT's claim that Krybit poses significant risks to cybersecurity. 0APT has leaked a sample of allegedly stolen data from Krybit, warning that a full dump will occur if payment is not made. The extortion tactic is less effective against a criminal group, as they lack the reputational stakes typical in business extortion. Eric Taylor from Barricade Cyber Solutions reported that leaked files included plaintext credentials and cryptocurrency wallet addresses, but no evidence of ransom payments was found. Krybit's website is currently down, displaying a message about temporary maintenance. 0APT, which launched in January 2026, has quickly gained notoriety for its aggressive tactics and inflated victim claims. The incident highlights the ongoing infighting within the ransomware ecosystem, reminiscent of past rivalries among cybercriminal groups. Key Points: • 0APT threatens to expose Krybit affiliates, marking a rare criminal rivalry. • Leaked data includes plaintext credentials and wallet addresses, but no ransom evidence. • Krybit's website is down, indicating potential operational disruption.

Key Entities

• Data Breach (attack_type)
• Ransomware (attack_type)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• 0apt (ransomware_group)
• Krybit (ransomware_group)