Cicada3301

Cicada3301 is a ransomware-as-a-service (RaaS) operation that has compromised dozens of companies, with a focus on VMware ESXi hosts. Initial access came through stolen or brute-forced credentials, activity possibly linked to the Brutus botnet. The operation's tactics resemble those of the now-defunct BlackCat/ALPHV group, suggesting a rebrand or reuse of its code. The ransomware is written in Rust, targets a fixed list of file extensions, and renders documents and images unreadable. Files are encrypted with ChaCha20; the ChaCha20 key is in turn encrypted with a public PGP key, and that encrypted key is what the victim must hand over during ransom negotiation. The impact is significant: affected organizations face substantial data loss and operational disruption.

Source: https://securityaffairs.com/167897/cyber-crime/a-new-variant-of-cicada-ransomware-targets-vmware-esxi-systems.html
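Since the page describes initial access by brute-forced credentials against ESXi hosts, the check a defender wants is a detector for failed-login bursts followed by a success from the same source. The example below is added here and is not code from the page, from the article, or from any analysis of the Cicada3301 binary. The log lines are constructed for this example and only approximate the sshd/PAM entries found in ESXi's /var/log/auth.log; the page does not say which ESXi service was brute-forced, so the format, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample approximating ESXi /var/log/auth.log (sshd via PAM).
# Illustrative input for this example only, not log data from the incident.
SAMPLE_AUTH_LOG = """\
2024-09-01T12:00:01Z esxi01 sshd[2001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.10 user=root
2024-09-01T12:00:03Z esxi01 sshd[2001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.10 user=root
2024-09-01T12:00:05Z esxi01 sshd[2002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.10 user=root
2024-09-01T12:00:07Z esxi01 sshd[2002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.10 user=root
2024-09-01T12:00:09Z esxi01 sshd[2003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.10 user=root
2024-09-01T12:00:15Z esxi01 sshd[2004]: Accepted keyboard-interactive/pam for root from 203.0.113.10 port 51234 ssh2
2024-09-01T12:30:00Z esxi01 sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=root
2024-09-01T12:31:00Z esxi01 sshd[2102]: Accepted keyboard-interactive/pam for root from 198.51.100.7 port 40000 ssh2
"""

# Assumed line shapes: a PAM failure carrying rhost= and user=, and an sshd
# "Accepted ... for <user> from <ip>" success line.
FAIL_RE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: pam_unix\(sshd:auth\): authentication failure;"
    r".*rhost=(\S+) user=(\S+)"
)
OK_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port")


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_events(log_text):
    """Yield (timestamp, kind, rhost, user) for lines this example understands.

    kind is "fail" or "ok"; unrecognised lines are skipped.
    """
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            yield _ts(m.group(1)), "fail", m.group(2), m.group(3)
            continue
        m = OK_RE.match(line)
        if m:
            yield _ts(m.group(1)), "ok", m.group(3), m.group(2)


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window brute-force detector over auth log text.

    Emits a "burst" finding when a source reaches `threshold` failures inside
    `window`, and a "success_after_burst" finding when a login from that source
    succeeds while its failure count is still at or above the threshold. The
    second finding is the one that matters: it marks a credential that was
    likely guessed or stuffed and should be treated as compromised.
    """
    recent_failures = defaultdict(deque)  # rhost -> failure timestamps in window
    findings = []
    for ts, kind, rhost, user in parse_events(log_text):
        q = recent_failures[rhost]
        while q and ts - q[0] > window:
            q.popleft()
        if kind == "fail":
            q.append(ts)
            if len(q) == threshold:  # alert once when the threshold is crossed
                findings.append({"rhost": rhost, "user": user, "kind": "burst",
                                 "failures": len(q), "at": ts})
        elif len(q) >= threshold:
            findings.append({"rhost": rhost, "user": user,
                             "kind": "success_after_burst",
                             "failures": len(q), "at": ts})
    return findings


if __name__ == "__main__":
    for f in detect_brute_force(SAMPLE_AUTH_LOG):
        print(f"{f['at'].isoformat()} {f['kind']:20} {f['rhost']:15} "
              f"user={f['user']} failures={f['failures']}")
```

On the constructed sample, 203.0.113.10 produces a burst and then a success-after-burst for root, while 198.51.100.7 (one failure, then a success) produces nothing; the threshold and window are tuning knobs, and a real deployment would also need to handle log rotation and the ESXi-specific log shipping path rather than reading a single file.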

"id": "hel001091324",
"linkid": "hellocicada",
"type": "Ransomware",
"date": "9/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact, including customer data leaks"