| Category | Details |
|---|---|
| Group Overview | Cicada3301 is a ransomware group first observed in June 2024. It operates as a Ransomware-as-a-Service (RaaS) and targets organizations in critical sectors, and is notable for a multi-platform locker. |
| Targeted Platforms | Windows, Linux, ESXi, NAS, PowerPC. |
| Ransomware Development | Written in Rust. Files are encrypted with ChaCha20, with RSA used to protect the file keys. Three configurable encryption modes (Full, Fast, Auto) offer different trade-offs between encryption speed and impact. |
| Affiliate Program | Cicada3301 recruits affiliates (advertised to "pentesters" and initial-access brokers) under a 20% commission model. Affiliates get access to a web-based panel and are prohibited from operating in CIS countries. |
| Ransomware Features | - Multithreading support - Targeted encryption (selected files, network shares) - System cleanup before encryption - Shutdown of virtual machines (ESXi, Hyper-V) before encryption - Exclusion of critical system files |
| Monetization | Affiliates are paid in cryptocurrency; large payouts are split across multiple wallets. |
| Victims & Leaks | 30 organizations listed as victims, with stolen data published for 24 of them on the group's dedicated leak site (DLS). |
| Encryption Details | - ChaCha20 for file content, RSA for key protection - Multiple modes for different levels of impact - Can encrypt network shares and terminates running processes before encryption - Decryption requires the RSA private key, which the operators hold |
| Web Interface | Affiliate panel reachable only over Tor; provides victim chat, support, sub-affiliate accounts, a locker builder, customizable ransom notes and storage for stolen data. The operators claim that no private keys are stored on the panel servers. |
| Affiliate Restrictions | Affiliates may not operate in CIS countries, and panel access must be kept private and not shared without the operators' approval. |
| Potential Impact | The group has quickly accumulated victims in critical sectors in the US and UK. Affiliates carry out the intrusions, so the group's reach grows with its affiliate base. |
| Recommendations | - Monitor for ransomware activity in critical sectors, covering ESXi hosts and NAS devices as well as Windows and Linux, since the locker targets all of them. - Track affiliate recruitment and infrastructure on dark web forums. - Implement strong network segmentation (including isolation of hypervisor management interfaces) to limit blast radius. - Keep offline, tested backups, since the operators hold the only key needed for decryption. |
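The multiple encryption modes matter to defenders because a locker that encrypts only part of each file can slip past detection that looks at whole-file entropy. The Python script below is an added example (not code from the Group-IB article and not the ransomware's own logic); it assumes that a "Fast"-style mode encrypts only some 4 KiB blocks of each file, which the summary above does not specify. Random bytes stand in for ChaCha20 output, since both look like uniform noise to an entropy measurement, and the sample files are constructed inline.

```python
import math
import random
from collections import Counter

CHUNK = 4096          # analysis block size in bytes
MIN_CHUNK = 1024      # max entropy of n bytes is log2(n), so tiny tail blocks are skipped
HIGH_ENTROPY = 7.5    # bits per byte; ciphertext and compressed data sit close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk: int = CHUNK) -> list[float]:
    """Per-block entropies, ignoring a trailing block too small to score fairly."""
    blocks = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    return [shannon_entropy(b) for b in blocks if len(b) >= MIN_CHUNK]


def classify(data: bytes, chunk: int = CHUNK, threshold: float = HIGH_ENTROPY) -> str:
    """'plain', 'full' (every block high-entropy) or 'intermittent' (mixed blocks)."""
    ents = chunk_entropies(data, chunk)
    if not ents:
        return "too-small"
    high = sum(e >= threshold for e in ents) / len(ents)
    if high == 0.0:
        return "plain"
    if high == 1.0:
        return "full"
    return "intermittent"


def simulate_partial_encryption(plain: bytes, chunk: int, stride: int,
                                rng: random.Random) -> bytes:
    """Overwrite every stride-th block with random bytes (hypothetical stand-in
    for a cipher; stride=1 models a Full mode, stride>1 a partial/Fast mode)."""
    out = bytearray(plain)
    for start in range(0, len(plain), chunk * stride):
        end = min(start + chunk, len(plain))
        out[start:end] = rng.randbytes(end - start)
    return bytes(out)


def build_samples() -> dict[str, bytes]:
    """Constructed sample files: one plain, one fully and one partially encrypted."""
    rng = random.Random(1234)  # fixed seed so results are reproducible
    plain = (b"The quick brown fox jumps over the lazy dog. " * 1000)[:CHUNK * 8]
    return {
        "plain": plain,
        "full": simulate_partial_encryption(plain, CHUNK, 1, rng),
        "intermittent": simulate_partial_encryption(plain, CHUNK, 2, rng),
    }


if __name__ == "__main__":
    for name, data in build_samples().items():
        whole = shannon_entropy(data)
        print(f"{name:13s} whole-file entropy={whole:.2f}  per-block verdict={classify(data)}")
```

The whole-file entropy of the partially encrypted sample lands near 7.0 bits per byte, under the usual ciphertext threshold, so a scanner that only scores whole files reports it as plain; scoring 4 KiB blocks separately exposes the alternating high-entropy pattern. The same per-block approach works for hunting encrypted files on shares and NAS exports after an incident.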
Read the full article: https://www.group-ib.com/blog/cicada3301/
Disclaimer: The above summary has been generated by an AI language model