The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center.
Indonesia is building out National Data Centers to securely store servers used by the government for online services and data hosting.
On June 20th, one of the temporary National Data Centers suffered a cyberattack that encrypted the government's servers and disrupted immigration services, passport control, issuing of event permits, and other online services.
The government confirmed that a new ransomware operation, Brain Cipher, was behind the attack, disrupting over 200 government agencies.
Brain Cipher demanded $8 million in the Monero cryptocurrency to receive a decryptor and not leak allegedly stolen data.
Brain Cipher is a new ransomware operation launched earlier this month, conducting attacks on organizations worldwide.
While the ransomware gang initially launched without a data leak site, their latest ransom notes now link to one, indicating that data is still in attack and will be used in double-extortion schemes.
BleepingComputer is aware of numerous samples of the Brain Cipher ransomware uploaded to various malware-sharing sites over the past two weeks.
These samples [1, 2, 3] were created using the leaked LockBit 3.0 builder, which other threat actors heavily abused to launch their own ransomware operations.
These ransom notes briefly describe what happened, make threats, and link to the Tor negotiation and data leak sites.
Like many other recent ransomware operations, the negotiation site is pretty simple, just including a chat system that the victim can use to communicate with the ransomware gang.
Once the threat actors gain Windows domain admin credentials, they deploy the ransomware throughout the network.
Before encrypting files, the threat actors will steal corporate data for leverage in their extortion attempts, warning victims that it will be publicly released if a ransom is not paid.
Brain Cipher is no different and has recently launched a new data leak site that does not currently list any victims.
From negotiations seen by BleepingComputer, the ransomware gang has demanded ransoms ranging between $20,000 and $8 million.
City of Wichita breach claimed by LockBit ransomware gang.
Infosys McCamish says LockBit stole data of 6 million people.
Keytronic confirms data breach after ransomware gang leaks stolen files.
Police arrest Conti and LockBit ransomware crypter specialist.
FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 29 Jun 2024 15:00:18 +0000