Crazy, Stupid, Ransomware

Kristina Savelesky | Simeon Kakpovi

Since February 2025, the "CrazyHunter" ransomware group has applied unique tradecraft concentrating on a single region, suggesting strategic objectives beyond mere monetary gain. This behavior invites comparisons with historical oddballs— state-sponsored ransomware groups from Iran, Russia, and North Korea—that pursued national interests under the guise of ransomware attacks. By examining the CrazyHunter group against these past examples, we can speculate on their true intentions. Are they following in the footsteps of those who leveraged ransomware for strategic purposes?