
Cicada3301 Ransomware Aims at Vital Industries in US and UK


A new ransomware group known as Cicada3301 has been making waves since its emergence in June 2024, targeting businesses in critical sectors in both the US and the UK. In a span of just three months, the group has already exposed data from 30 companies on their leak sites, highlighting the gravity of the threat they pose.

A recent analysis by Group-IB examined Cicada3301's ransomware, which is written in Rust. That choice lets it run on multiple platforms, including Windows, Linux, ESXi, and even less common architectures like PowerPC. The ransomware encrypts files with ChaCha20 and RSA and supports three configurable modes: Full, Fast, and Auto. These modes apply different levels of encryption depending on file size and extension, which maximizes the impact of the ransomware.

One of the notable features of Cicada3301 is its sophisticated affiliate program, which targets penetration testers and access brokers. These affiliates are offered a 20% commission on ransom payouts and receive access to a web-based panel equipped with a range of tools for tailoring attacks. The web panel enables affiliates to generate ransomware samples, craft ransom notes, and handle negotiations with victims effectively.

In terms of tactics, Cicada3301 is known for its aggressive approaches aimed at causing widespread disruption. The ransomware is capable of shutting down virtual machines, terminating critical services, and deleting shadow copies, all while evading detection. The web panel grants affiliates precise control over their attacks, allowing them to choose encryption settings and configure ransom demands as needed.

As Cicada3301 continues to gain prominence, organizations are encouraged to prioritize cybersecurity measures such as multi-factor authentication, early detection systems, robust backup strategies, and regular patching to mitigate the risks posed by advanced ransomware groups like Cicada3301. By staying vigilant and implementing these proactive measures, businesses can bolster their defenses against evolving cyber threats in an ever-changing digital landscape.
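As an added illustration of the "early detection" point (this is not Group-IB's or the article's code), the sketch below flags hosts where two or more of the pre-encryption behaviors described above, namely shadow-copy deletion, VM shutdown and service termination, occur close together in process-creation logs. The command-line patterns, field layout and sample events are assumptions constructed for the example; the article does not list the specific commands the ransomware runs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed patterns: common admin utilities associated with each behavior the
# article names. They are not indicators published in the article.
PATTERNS = {
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "vm_shutdown": re.compile(r"esxcli\s+vm\s+process\s+kill|stop-vm\b", re.I),
    "service_stop": re.compile(
        r"\b(net1?|sc)(\.exe)?\s+stop\s+\S+|taskkill(\.exe)?\s+.*/f\b", re.I),
}

def classify(cmdline):
    """Return the set of behavior names whose pattern matches a command line."""
    return {name for name, rx in PATTERNS.items() if rx.search(cmdline)}

def detect(events, window=timedelta(minutes=10), min_behaviors=2):
    """Return {host: sorted behaviors} for hosts showing at least
    `min_behaviors` distinct behaviors within `window` of each other."""
    hits = defaultdict(list)
    for ts, host, cmd in events:
        for behavior in classify(cmd):
            hits[host].append((datetime.fromisoformat(ts), behavior))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            in_window = {b for t, b in seen[i:] if t - start <= window}
            if len(in_window) >= min_behaviors:
                alerts[host] = sorted(in_window)
                break
    return alerts

# Constructed sample events: (timestamp, host, process command line).
SAMPLE_EVENTS = [
    ("2024-09-01T02:14:05", "fs01", "net stop MSSQLSERVER /y"),
    ("2024-09-01T02:14:40", "fs01", "vssadmin.exe delete shadows /all /quiet"),
    ("2024-09-01T02:15:10", "fs01", "powershell -c Stop-VM -Name * -Force"),
    ("2024-09-01T09:00:00", "ws07", "sc stop Spooler"),        # lone admin action
    ("2024-09-01T15:30:00", "ws07", "vssadmin list shadows"),  # read-only query
    ("2024-09-01T03:00:00", "bk02", "wmic shadowcopy delete"),
    ("2024-09-01T05:00:00", "bk02", "taskkill /IM sqlservr.exe /F"),  # 2 h later
]

if __name__ == "__main__":
    for host, behaviors in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(behaviors)}")
```

Requiring several distinct behaviors in a short window keeps routine single actions, such as an administrator stopping one service, from alerting on their own.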
