
Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service Group

Group Overview: The Cicada3301 ransomware group, first observed in June 2024, operates as a Ransomware-as-a-Service (RaaS) and targets organizations across critical sectors. It is known for its multi-platform ransomware.

Targeted Platforms: Windows, Linux, ESXi, NAS, PowerPC.

Ransomware Development: Written in Rust; uses ChaCha20 and RSA encryption with configurable encryption modes (Full, Fast, Auto).

Affiliate Program: Cicada3301 recruits pentesters and initial access brokers into an affiliate program advertised with a 20% commission. Affiliates receive access to a web-based panel and are prohibited from operating in CIS countries.

Ransomware Features:
– Multithreaded encryption
– Targeted encryption of files and network shares
– System cleanup before encryption
– Shutdown of virtual machines (ESXi, Hyper-V) before encryption
– Critical system files excluded from encryption

Monetization: Affiliates receive payouts in cryptocurrency to their wallets; large payouts are split across multiple wallets.

Leaks & Payouts: 30 organizations targeted, with stolen data published for 24 victims on the group's dedicated leak site (DLS).

Encryption Details:
– ChaCha20 and RSA (symmetric encryption of file content, asymmetric protection of the file keys)
– Multiple modes for different levels of impact
– Encrypts network shares; stops running processes before encryption
– Decryption requires the corresponding RSA private key

Web Interface: Accessible only via Tor; offers chat, support, sub-affiliate accounts, a locker builder, customizable ransom notes, and storage for leaked data. The operators claim that no private keys are stored on the servers.

Affiliate Restrictions: No operations in CIS countries; panel access must be kept private and must not be shared without approval.

Potential Impact: The group has quickly targeted critical sectors across the US and UK. Affiliates drive both the group's expansion and the execution of attacks.

Recommendations:
– Monitor for ransomware activity in critical sectors.
– Track ransomware affiliates and their infrastructure on dark web forums.
– Implement strong network segmentation to limit the blast radius of an intrusion.
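To make the key hierarchy behind "ChaCha20 and RSA", "decryption requires the RSA private key" and "no private keys stored on servers" concrete, here is an added Python model of envelope encryption. It is an illustration written for this summary, not Cicada3301's code and not part of Group-IB's analysis. The ChaCha20 part follows RFC 8439 and is checked against the RFC's "sunscreen" test vector; the RSA part is textbook RSA on two fixed Mersenne primes, an assumption made only so the script runs with the standard library. A real locker, like any real file-encryption tool, would use RSA-OAEP and a freshly generated key pair.

```python
"""Envelope encryption: a random ChaCha20 key per file, wrapped with an RSA
public key and stored in the file header.  Added illustration (Python 3.8+),
not the ransomware's code.  ChaCha20 is per RFC 8439; the RSA key below is a
toy built from two Mersenne primes and is an assumption for the demo only."""
import os
import struct

MASK32 = 0xFFFFFFFF


def _rotl(v, c):
    return ((v << c) & MASK32) | (v >> (32 - c))


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block (RFC 8439 section 2.3)."""
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]   # "expand 32-byte k"
    state += struct.unpack("<8L", key)                         # 256-bit key
    state += (counter,) + struct.unpack("<3L", nonce)          # counter + 96-bit nonce
    w = list(state)
    for _ in range(10):                                        # 20 rounds = 10 double rounds
        for a, b, c, d in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                           (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter_round(w, a, b, c, d)
    return struct.pack("<16L", *((x + y) & MASK32 for x, y in zip(w, state)))


def chacha20_xor(key, nonce, data, counter=1):
    """Encrypt or decrypt (same operation): XOR data with the keystream."""
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], ks))
    return bytes(out)


def rfc8439_selftest():
    """Check the cipher against the RFC 8439 section 2.4.2 test vector."""
    key = bytes(range(32))
    nonce = bytes.fromhex("000000000000004a00000000")
    pt = (b"Ladies and Gentlemen of the class of '99: If I could offer you "
          b"only one tip for the future, sunscreen would be it.")
    ct = chacha20_xor(key, nonce, pt)
    return ct[:16].hex() == "6e2e359a2568f98041ba0728dd0d6981" and chacha20_xor(key, nonce, ct) == pt


# Toy RSA key on the Mersenne primes M521 and M607 (assumption for the demo;
# real keys come from a proper generator and are used with OAEP padding).
_P, _Q = (1 << 521) - 1, (1 << 607) - 1
RSA_N, RSA_E = _P * _Q, 65537
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))      # the private exponent
_KLEN = (RSA_N.bit_length() + 7) // 8            # bytes needed for a wrapped key


def encrypt_file(plaintext, rsa_n=RSA_N, rsa_e=RSA_E):
    """Locker side: needs only the public key.  Header = wrapped key || nonce."""
    file_key, nonce = os.urandom(32), os.urandom(12)
    wrapped = pow(int.from_bytes(file_key, "big"), rsa_e, rsa_n)
    return wrapped.to_bytes(_KLEN, "big") + nonce + chacha20_xor(file_key, nonce, plaintext)


def decrypt_file(blob, rsa_d, rsa_n=RSA_N):
    """Decryptor side: unwrapping the file key requires the private exponent."""
    wrapped = int.from_bytes(blob[:_KLEN], "big")
    nonce, body = blob[_KLEN:_KLEN + 12], blob[_KLEN + 12:]
    file_key = pow(wrapped, rsa_d, rsa_n).to_bytes(32, "big")
    return chacha20_xor(file_key, nonce, body)


if __name__ == "__main__":
    print("RFC 8439 vector ok:", rfc8439_selftest())
    blob = encrypt_file(b"constructed sample document")   # constructed input
    print("round trip ok:", decrypt_file(blob, RSA_D) == b"constructed sample document")
```

The point for responders is where the secrets live: the file key exists only while the locker runs and is written to disk solely in RSA-wrapped form, so the sample, the encrypted files and even a copy of the affiliate panel give an analyst nothing to unwrap it with unless the private exponent used by decrypt_file is captured as well. If the operators' claim that private keys are kept off the servers holds, recovery planning has to assume it will not be.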

Read full article : https://www.group-ib.com/blog/cicada3301/

Disclaimer: The above summary has been generated by an AI language model
