
Cicada3301 Ransomware: Security Experts Uncover Affiliate Panel

by Wajahat Raja

October 30, 2024 - TuxCare expert team

According to recent media reports, cybersecurity experts have uncovered the affiliate panel of the Cicada3301 ransomware. The discovery stems from a job advert posted by the threat actor seeking new members for its affiliate program. In this article, we’ll cover the ransomware in detail and shed light on its affiliate panel. Let’s begin!

The Cicada3301 Ransomware 

The origins of the Cicada3301 ransomware can be traced back to June 2024. Even at that time, there were strong similarities between Cicada3301 and the BlackCat ransomware group. This ransomware-as-a-service (RaaS) operation is believed to have compromised around 30 critical sector organizations located in both the United States (US) and the United Kingdom (UK).

This Rust-based ransomware is cross-platform and capable of complete or partial file encryption. Prior to encrypting files, the Cicada3301 ransomware can also carry out other malicious actions such as: 

  • Shutting down virtual machines.
  • Entering system recovery. 
  • Terminating both processes and services.
  • Deleting shadow copies. 
  • Encrypting network shares. 

Such attack capabilities can be devastating for those who fall prey to Cicada3301 attacks. As of now, the program’s affiliates target devices that are running: 

  • Windows. 
  • Debian. 
  • CentOS. 
  • Rocky Linux. 
  • Scientific Linux. 
  • SUSE. 
  • Fedora. 
  • ESXi. 
  • NAS. 
  • PowerPC. 
  • PowerPC64.
  • PowerPC64LE.
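The pre-encryption actions listed above (shutting down virtual machines, terminating services, deleting shadow copies) are the behaviours a defender can look for before any file is encrypted. The following Python script is an added example, not code from the article or from Group-IB: it runs a small set of detection rules over constructed process-creation records and flags hosts on which more than one of these behaviours has been seen. The command-line patterns, the sample events, and the host names are assumptions drawn from general detection practice, not from the article.

```python
import re
from collections import defaultdict

# Constructed sample process-creation records (hypothetical endpoint telemetry,
# not taken from the article). Each record is a host, a user and a command line.
SAMPLE_EVENTS = [
    {"host": "fileserver01", "user": "svc_backup", "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "fileserver01", "user": "svc_backup", "cmd": "net stop MSSQLSERVER /y"},
    {"host": "esxi-host-02", "user": "root", "cmd": "esxcli vm process kill --type=force --world-id=12345"},
    {"host": "wkstn-17", "user": "alice", "cmd": "notepad.exe C:\\Users\\alice\\notes.txt"},
    {"host": "wkstn-17", "user": "alice", "cmd": "wmic shadowcopy delete"},
    {"host": "dc01", "user": "admin", "cmd": "net use Z: \\\\fileserver01\\finance"},
]

# One rule per pre-encryption behaviour the article lists. The regular expressions
# are assumptions based on commonly used tooling, not indicators published for Cicada3301.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I
    ),
    "service_termination": re.compile(r"\bnet(\.exe)?\s+stop\b|\bsc(\.exe)?\s+stop\b", re.I),
    "vm_shutdown": re.compile(r"esxcli\s+vm\s+process\s+kill|vim-cmd\s+vmsvc/power\.off", re.I),
}


def classify(cmd: str) -> list[str]:
    """Return the names of every rule that matches a single command line."""
    return [name for name, pattern in RULES.items() if pattern.search(cmd)]


def triage(events: list[dict]) -> dict[str, set[str]]:
    """Group matched behaviours by host so that chained actions on one machine stand out."""
    seen: dict[str, set[str]] = defaultdict(set)
    for event in events:
        for behaviour in classify(event["cmd"]):
            seen[event["host"]].add(behaviour)
    return dict(seen)


def hosts_at_risk(events: list[dict], min_behaviours: int = 2) -> list[str]:
    """Hosts showing at least `min_behaviours` distinct pre-encryption behaviours.

    A single `net stop` is routine administration; several of these behaviours on the
    same host in a short window is the pattern worth paging on-call for.
    """
    by_host = triage(events)
    return sorted(host for host, found in by_host.items() if len(found) >= min_behaviours)


if __name__ == "__main__":
    for host, behaviours in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {', '.join(sorted(behaviours))}")
    print("hosts at risk:", hosts_at_risk(SAMPLE_EVENTS))
```

The threshold in `hosts_at_risk` is deliberately a parameter: on a host where backups are rotated by script, shadow-copy deletion alone may be legitimate, but the same host also stopping database services is the combination that precedes encryption in the behaviour described above, and is what an alert should key on.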

Commenting on the operational structure of the Cicada3301 ransomware group, cybersecurity experts have stated that: 

“Cicada3301 runs an affiliate program recruiting penetration testers (pentesters) and access brokers, offering a 20% commission, and providing a web-based panel with extensive features for affiliates,” the researchers noted.

Cross-Platform Ransomware’s Affiliate Panel

Before we dive into the details, it’s worth mentioning that Group-IB, a cybersecurity firm, made contact with the Cicada3301 ransomware threat actor on the RAMP cybercrime forum where new individuals were being invited to the program. Providing information about the affiliate panel, cybersecurity experts Nikolay Kichatov and Sharmine Low stated that:  

“The dashboard of the Affiliates’ panel of the Cicada3301 ransomware group contained sections such as Dashboard, News, Companies, Chat Companies, Chat Support, Account, an FAQ section, and Log Out.”

It’s worth mentioning here that the Cicada3301 ransomware group has rapidly become one of the most severe online threats. Two factors that contribute to this fearsome status are its operational structure and its advanced tooling, such as its ChaCha20 and RSA encryption scheme. Commenting on the attack capabilities, experts have stated that: 

“By leveraging ChaCha20 + RSA encryption and offering a customizable affiliate panel, Cicada3301 enables its affiliates to execute highly targeted attacks. Their approach of exfiltrating data before encryption adds an additional layer of pressure on victims, while the ability to halt virtual machines increases the impact of their attacks.”

Conclusion 

Cicada3301 has quickly emerged as a major threat in the ransomware landscape, utilizing sophisticated encryption and a highly organized affiliate program. By recruiting skilled hackers and leveraging advanced tools, this RaaS model continues to target critical sectors, raising significant security concerns across industries in the U.S. and U.K. In light of this, proactive cybersecurity solutions are now a necessity for ensuring protection. 

The sources for this piece include articles in The Hacker News and Group-IB.
