DailyPost 2951
CICADA3301 RANSOMWARE
Going by the research being conducted in the field of ransomware, it would certainly be among the top areas of computer science, albeit one used on the wrong side of the law. If you take development through to successful production and upgrades, on crazy timelines at that, and the capability to create newer variants, it would beat any software development hollow. If we add the successful business models working around ransomware, the large number of adherents on RaaS (ransomware-as-a-service) and the various sources of revenue created out of it, it would beat all others. It is for this reason that ransomware has been ruling the cyber world for quite some time now and does not seem to have any competitor in the reckoning.
As in any successful crime area with huge booty and very thin chances of getting caught, gangs emerge. So we find any number of ransomware gangs. One of the most recent to gain entry is called Cicada3301. It was running an affiliate program. Cyber security researchers successfully gained access to the group's affiliate panel on the dark web. The gang was contacted on the RAMP cyber crime forum via the Tox messaging service. Cicada had put out an advertisement calling for new partners for its affiliate program. The dashboard of the gang contained News, Companies, Chat Companies, Chat Support, Account and FAQ sections.
The gang was discovered as recently as June 2024, with the “cybersecurity community uncovering strong source code similarities with the now defunct BlackCat ransomware gang.” No fewer than 30 organisations, belonging to critical sectors in the US and UK, have been compromised under the RaaS scheme. This is a Rust-based ransomware which is cross-platform, allowing affiliates to target victims across operating systems. Like other ransomware strains, Cicada has the ability to fully or partially encrypt files, but not “before shutting down virtual machines, inhibiting system recovery, terminating processes and services, and deleting shadow copies.”
In true MNC style, Cicada runs an affiliate program to recruit pentesters and access brokers. It offers a 20% commission on the booty / ransom. It also provides a web-based panel with extensive features for affiliates. In a short time the gang has established itself as a significant threat in the ever-burgeoning ransomware landscape. This was possible due to its sophisticated operations and advanced tooling. By utilising its exceptional tooling, the affiliates are able to execute highly targeted attacks. The newer methods leave the victims literally stuck in a cyber crime quagmire.
RANSOMWARE GANG WAR IS THE MOST POTENT BATTLE ON THE PLANET TODAY.
Sanjay Sahay
Have a nice evening.