Cicada3301 Ransomware Targets Critical Sectors in US and UK

A new ransomware group, Cicada3301, has emerged as a significant threat since its discovery in June 2024. It targets businesses in critical sectors across the US and UK.

In just three months, the group has reportedly published data from 30 companies on its dedicated leak sites, underscoring the severity of the threat.

Multi-Platform Ransomware and Advanced Encryption

A recent analysis by Group-IB revealed that Cicada3301’s ransomware is written in Rust, allowing it to function across multiple platforms, including Windows, Linux, ESXi and even less common architectures like PowerPC.

The ransomware employs advanced encryption techniques, using ChaCha20 and RSA encryption with configurable modes – Full, Fast and Auto.

This flexibility allows for varying levels of encryption based on file sizes and extensions, optimizing the ransomware’s impact.

Cicada3301’s Sophisticated Affiliate Program

One of the standout aspects of Cicada3301 is its sophisticated affiliate program, recruiting penetration testers and access brokers.

Affiliates are offered a 20% commission on ransom payouts and gain access to a web-based panel that provides extensive tools for customizing attacks.

The web panel allows affiliates to generate ransomware samples, create ransom notes and manage negotiations with victims.

The affiliate program includes:

  • Recruitment of penetration testers and access brokers
  • A web interface for generating lockers and ransom notes
  • Communication channels for negotiating ransom payments


Aggressive Tactics and Operational Control

Cicada3301 employs aggressive tactics designed to cause maximum disruption.

Its ransomware can shut down virtual machines, terminate critical services, and delete shadow copies while avoiding detection.
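The behaviours listed above (shadow copy deletion and service termination ahead of encryption) are visible in process-creation telemetry well before files are touched. The following detector is an added example, not code from Group-IB or from the article: it scans constructed Windows process-creation events (the fields a Sysmon Event ID 1 or Security 4688 record would carry) for the standard shadow-copy deletion and service-stop command lines, and rates each host so that shadow copy deletion outranks a lone service stop. The event records, host names and rule set are assumptions for illustration.

```python
import re

# Constructed sample process-creation events, not telemetry from any real incident.
SAMPLE_EVENTS = [
    {"host": "fs01", "user": "svc-backup", "cmd": "vssadmin delete shadows /all /quiet"},
    {"host": "ws12", "user": "alice", "cmd": "wmic shadowcopy delete"},
    {"host": "ws12", "user": "alice", "cmd": "notepad.exe C:\\Users\\alice\\notes.txt"},
    {"host": "hv02", "user": "admin", "cmd": "net stop MSSQLSERVER /y"},
    {"host": "fs01", "user": "svc-backup", "cmd": "vssadmin list shadows"},  # benign: read-only
]

# Detection rules: a tag for the behaviour described in the article and a regex over
# the command line. Only destructive verbs are matched, so 'vssadmin list' stays quiet.
RULES = [
    ("shadow_copy_deletion", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("shadow_copy_deletion", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("service_termination", re.compile(r"\bnet1?(\.exe)?\s+stop\s+\S+", re.I)),
]


def classify(cmd):
    """Return the sorted set of behaviour tags whose rule matches this command line."""
    return sorted({tag for tag, rx in RULES if rx.search(cmd)})


def find_suspicious(events):
    """Return every event that matched at least one rule, annotated with its tags."""
    hits = []
    for event in events:
        tags = classify(event["cmd"])
        if tags:
            hits.append({**event, "tags": tags})
    return hits


def score_hosts(events):
    """Aggregate hits per host: 'high' if shadow copies were deleted there,
    'medium' if only services were stopped (noisy on its own, so ranked lower)."""
    per_host = {}
    for hit in find_suspicious(events):
        per_host.setdefault(hit["host"], set()).update(hit["tags"])
    return {host: ("high" if "shadow_copy_deletion" in tags else "medium")
            for host, tags in per_host.items()}


if __name__ == "__main__":
    for host, severity in score_hosts(SAMPLE_EVENTS).items():
        print(f"{host}: {severity}")
```

In production the same rules would run over a SIEM feed rather than an in-memory list, and a `high` host is a candidate for immediate isolation because shadow copy deletion typically precedes encryption by minutes.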

The web panel gives affiliates granular control over their attacks, from choosing encryption settings to configuring ransom demands.

As Cicada3301 continues to rise, organizations must prioritize multi-factor authentication, early detection, proper backup strategies and regular patching to mitigate the risks posed by such advanced ransomware groups.
