Category | Details |
---|---|
Group Overview | Cicada3301 Ransomware group, discovered in June 2024, operates as a Ransomware-as-a-Service (RaaS) targeting organizations across critical sectors. Known for its advanced multi-platform ransomware. |
Targeted Platforms | Windows, Linux, ESXi, NAS, PowerPC. |
Ransomware Development | Written in Rust, utilizing ChaCha20 and RSA encryption with configurable modes (Full, Fast, Auto) for optimized encryption. |
Affiliate Program | Cicada3301 runs an affiliate program targeting pentesters and access brokers with a 20% commission. Affiliates can access a web-based panel and are prohibited from operating in CIS countries. |
Ransomware Features | – Multithreading support – Targeted encryption (files, network shares) – System cleanup before encryption – Support for shutting down virtual machines (ESXi, Hyper-V) – Excludes critical system files |
Monetization | Affiliates receive payouts in cryptocurrency via wallets. Large payouts use multiple wallets. |
Leaks & Payouts | 30 organizations targeted, with published stolen data from 24 victims. Leaked data is available on the group’s dedicated leak site (DLS). |
Encryption Details | – ChaCha20 and RSA encryption – Multiple modes for different levels of impact – Can encrypt network shares and handles processes before encryption – Decryption requires a specific key. |
Web Interface | Accessible only via Tor, with features like chat, support, sub-affiliate accounts, locker builder, customizable ransom notes, and data leak storage. No private keys stored on servers. |
Affiliate Restrictions | Prohibited from operating in CIS countries, panel access must be kept private and not shared without approval. |
Potential Impact | The group has rapidly targeted critical sectors across the US and UK. Affiliates play a key role in the group’s expansion and attack execution. |
Recommendations | – Monitor for ransomware activity in critical sectors. – Investigate ransomware affiliates and infrastructure via dark web forums. – Implement strong network segmentation to limit impact. |
Read full article: https://www.group-ib.com/blog/cicada3301/
Disclaimer: The above summary has been generated by an AI language model