Crimson Walrus isn't ransomware. ConnectWise created it as a challenge for the IT Nation Secure 2022 CTF from June 6, 2022, to June 8, 2022, and emulates some real ransomware behaviors. For example, we observed no file encryption (although it does utilize RSA-2048 for encrypting some data). It does drop a ransom note with the flag to one of the challenges, and they even created an extortion page on the dark web to make it more realistic. The dark website even had five "victims" and certainly was cloned from the Babuk dark website. Apparently, they did so well that one cybersecurity company mistook it for a real ransomware group with five victims. There are a few aliases for Crimson Tusk, which is self-named on their dark web extortion site, but the source code path reveals it was named TuskLocker2. Thus, the aliases Crimsom Walrus 2, TuskLocker, and TuskLocker 2 came to be.
