01flip: Multi-Platform Ransomware Written in Rust unit42.paloaltonetworks.com/new-ranso…
In June 2025, we observed a new ransomware family named 01flip targeting a limited set of victims in the Asia-Pacific region. 01flip ransomware is fully written in the Rust programming language and supports multi-platform architectures by leveraging the cross-compilation feature of Rust.
These financially motivated attackers likely carried this out through manual means. We have confirmed an alleged data leak from an affected organization on a dark web forum shortly after the attack. We are currently tracking this activity as CL-CRI-1036, signifying a cluster of malicious activity that is likely related to cybercrime.
Our key findings are: Financially motivated attackers behind CL-CRI-1036 use 01flip ransomware, a newly observed ransomware family purely written in Rust This ransomware supports multi-platform architecture, including Windows and Linux A threat actor potentially associated with CL-CRI-1036 is offering data for sale on dark web forums (likely stolen with 01flip ransomware)
