Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Oct 17, 2024 | Ravie Lakshmanan | Ransomware / Network Security

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group’s affiliate panel on the dark web.

Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an advertisement calling for new partners into its affiliate program.

“Within the dashboard of the Affiliates’ panel of Cicada3301 ransomware group contained sections such as Dashboard, News, Companies, Chat Companies, Chat Support, Account, an FAQ section, and Log Out,” researchers Nikolay Kichatov and Sharmine Low said in a new analysis published today.

Cicada3301 first came to light in June 2024, with the cybersecurity community uncovering strong source code similarities with the now-defunct BlackCat ransomware group. The RaaS scheme is estimated to have compromised at least 30 organizations across critical sectors, most of which are located in the U.S. and the U.K.

The Rust-based ransomware is cross-platform, allowing affiliates to target devices running Windows, Linux distributions Ubuntu, Debian, CentOS, Rocky Linux, Scientific Linux, SUSE, Fedora, ESXi, NAS, PowerPC, PowerPC64, and PowerPC64LE.

Like other ransomware strains, attacks involving Cicada3301 have the ability to either fully or partially encrypt files, but not before shutting down virtual machines, inhibiting system recovery, terminating processes and services, and deleting shadow copies. It is also capable of encrypting network shares for maximum impact.
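The pre-encryption behaviours listed above tend to appear close together on one host, which makes them a useful correlation signal for defenders. The following is an added example, not code from the article or from Group-IB's report: the command patterns are generic, widely documented forms of these behaviours (an assumption, not Cicada3301-specific indicators), and the log format and log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Generic command-line forms of the behaviours named in the article.
# Assumption: these are common public patterns, not Cicada3301 indicators.
BEHAVIOURS = {
    "shadow_copy_deletion": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "recovery_inhibited": re.compile(r"bcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no", re.I),
    "vm_shutdown": re.compile(r"esxcli\s+vm\s+process\s+kill|\bStop-VM\b", re.I),
    "service_or_process_stop": re.compile(r"\b(net|sc)(\.exe)?\s+stop\s+|taskkill(\.exe)?\s+.*/f", re.I),
}

# Hypothetical log layout: "<ISO timestamp> host=<name> cmd=<command line>"
LINE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) cmd=(?P<cmd>.*)$")

def classify(cmd):
    """Return the names of every behaviour a command line matches."""
    return [name for name, rx in BEHAVIOURS.items() if rx.search(cmd)]

def correlate(lines, window=timedelta(minutes=10), min_distinct=2):
    """Flag hosts showing >= min_distinct behaviours inside one time window."""
    hits = defaultdict(list)  # host -> [(timestamp, behaviour)]
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        ts = datetime.fromisoformat(m["ts"])
        for name in classify(m["cmd"]):
            hits[m["host"]].append((ts, name))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {n for t, n in events[i:] if t - start <= window}
            if len(seen) >= min_distinct:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed sample: FS01 shows three behaviours in about a minute,
# WS07 shows a lone service stop and a benign vssadmin query.
SAMPLE = """\
2024-10-17T09:00:05 host=FS01 cmd=net stop "SQL Server (MSSQLSERVER)"
2024-10-17T09:00:41 host=FS01 cmd=vssadmin.exe delete shadows /all /quiet
2024-10-17T09:01:10 host=FS01 cmd=bcdedit /set {default} recoveryenabled No
2024-10-17T09:02:00 host=WS07 cmd=net stop spooler
2024-10-17T14:30:00 host=WS07 cmd=vssadmin list shadows
""".splitlines()

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Requiring several distinct behaviours in one window keeps a single routine service stop from raising an alert.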

“Cicada3301 runs an affiliate program recruiting penetration testers (pentesters) and access brokers, offering a 20% commission, and providing a web-based panel with extensive features for affiliates,” the researchers noted.

A summary of the different sections is as follows –

  • Dashboard – An overview of the successful or failed logins by the affiliate, and the number of companies attacked
  • News – Information about product updates and news of the Cicada3301 ransomware program
  • Companies – Provides options to add victims (i.e., company name, ransom amount demanded, discount expiration date, etc.) and create Cicada3301 ransomware builds
  • Chat Companies – An interface to communicate and negotiate with victims
  • Chat Support – An interface for the affiliates to communicate with representatives of the Cicada3301 ransomware group to resolve issues
  • Account – A section devoted to affiliate account management and resetting their password
  • FAQ – Provides details about rules and guides on creating victims in the “Companies” section, configuring the builder, and steps to execute the ransomware on different operating systems

“The Cicada3301 ransomware group has rapidly established itself as a significant threat in the ransomware landscape, due to its sophisticated operations and advanced tooling,” the researchers said.

“By leveraging ChaCha20 + RSA encryption and offering a customizable affiliate panel, Cicada3301 enables its affiliates to execute highly targeted attacks. Their approach of exfiltrating data before encryption adds an additional layer of pressure on victims, while the ability to halt virtual machines increases the impact of their attacks.”
