Brain Cipher is a new ransomware operation that started earlier this month by targeting various organisations globally.
According to reports, the operation had no data leak site when it first appeared. However, newer reports claim that the actors will establish one and use the compromised data for double extortion.
Moreover, multiple samples of the Brain Cipher ransomware were uploaded to various malware-sharing sites in the last two weeks. Researchers also noted that the developers built Brain Cipher using the leaked LockBit 3.0 builder, which other threat actors have used extensively to launch their own ransomware operations.
Brain Cipher has made custom changes to the LockBit encryptor before introducing its operation.
One of the improvements that Brain Cipher made to the LockBit builder is that the encryptor not only appends an extension to the encrypted file but also encrypts the file name. The encryptor also generates ransom notes named in the format [extension].README.txt.
These ransom notes briefly outline what transpired, issue threats, and provide links to the Tor negotiation and data leak sites. In one ransom note sample, the threat actor deviated from the template and used the file name ‘How To Restore Your Files.txt.’
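One way a defender could hunt for the note names described above in a file listing, shown as an added example that is not code from the article or from any vendor. The sample paths, the extension value `a1b2c3d4e` and the `min_files` threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Note names from the article: "[extension].README.txt" plus one off-template sample.
NOTE_RE = re.compile(r"^(?P<ext>[^.\\/]+)\.README\.txt$", re.IGNORECASE)
OFF_TEMPLATE_NOTE = "how to restore your files.txt"

# Constructed file listing; the extension "a1b2c3d4e" is a made-up sample value.
SAMPLE_PATHS = [
    r"C:\Shares\Finance\Kq83hZ.a1b2c3d4e",
    r"C:\Shares\Finance\Pz01Lm.a1b2c3d4e",
    r"C:\Shares\Finance\Tt77Yx.a1b2c3d4e",
    r"C:\Shares\Finance\a1b2c3d4e.README.txt",
    r"C:\Projects\tool\project.README.txt",   # benign look-alike
    r"C:\Projects\tool\main.py",
    r"C:\Users\Public\How To Restore Your Files.txt",
]

def find_note_hits(paths, min_files=3):
    """Return (directory, note_name, renamed_count) for suspected ransom notes.

    A "[ext].README.txt" note counts only when at least min_files siblings
    end in ".ext"; min_files is an assumed threshold to tune locally.
    The off-template name is matched by name alone (count is None).
    """
    by_dir = defaultdict(list)
    for raw in paths:
        p = PureWindowsPath(raw)
        by_dir[str(p.parent)].append(p.name)

    hits = []
    for directory, names in sorted(by_dir.items()):
        for name in names:
            m = NOTE_RE.match(name)
            if m:
                suffix = "." + m.group("ext").lower()
                renamed = [n for n in names
                           if n != name and n.lower().endswith(suffix)]
                if len(renamed) >= min_files:
                    hits.append((directory, name, len(renamed)))
            elif name.lower() == OFF_TEMPLATE_NOTE:
                hits.append((directory, name, None))  # needs manual review
    return hits

if __name__ == "__main__":
    for hit in find_note_hits(SAMPLE_PATHS):
        print(hit)
```

Requiring sibling files that carry the same extension keeps ordinary `*.README.txt` files, such as the `project.README.txt` entry in the sample, from being reported.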
Each victim is assigned a unique encryption ID, which is submitted to the threat actor’s Tor extortion site. Like many other recent ransomware operations, the negotiating site is relatively simple, consisting only of a chat interface through which the victim can negotiate with the ransomware group.
Similar to other ransomware operations, Brain Cipher infiltrates a business network and propagates laterally to other machines. Once the threat actors acquire Windows domain admin credentials, they can spread the ransomware throughout the network.
However, before encrypting files, threat actors often use business data as leverage in their extortion operations, warning victims that the material will be exposed to the public if a ransom is not paid.
Brain Cipher also follows the same pattern, and it recently launched a new data leak site that does not yet disclose any victims. Still, some reports stated that the ransomware gang had requested ransoms ranging from $20,000 to $8 million.
Because the encryptor is based on the previously released LockBit 3 encryptor, researchers are trying to dissect this new ransomware operation to mitigate the impact of this latest threat. Still, if Brain Cipher modified the encryption method, it could cause significant damage to various industries worldwide, as there is no known free decryption method for retrieving files encrypted with a modified LockBit builder.