Cicada3301

Sep 13, 2024

Cicada3301, identified as a ransomware-as-a-service (RaaS) group, has compromised tens of companies by targeting VMware ESXi systems. The group initiated its attacks using stolen or brute-forced credentials, activity potentially linked to the Brutus botnet. The operation's tactics resemble those of the defunct BlackCat/ALPHV group, suggesting a possible rebranding or code reuse. The ransomware is written in Rust, targets specific file extensions, and renders documents and pictures inaccessible. It encrypts data with a ChaCha20 key, which is then encrypted with a public PGP key for ransom negotiation. The impact of this attack is significant, with the potential for substantial data loss and operational disruption at the affected organizations.

Source: https://securityaffairs.com/167897/cyber-crime/a-new-variant-of-cicada-ransomware-targets-vmware-esxi-systems.html

"id": "hel001091324",
"linkid": "hellocicada",
"type": "Ransomware",
"date": "9/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
