A new ransomware operation known as Brain Cipher has emerged, targeting organizations globally. This ransomware recently gained significant media attention following an attack on Indonesia’s temporary National Data Center.
Impact on Indonesia’s National Data Center
Indonesia is developing National Data Centers to securely store government servers used for online services and data hosting. On June 20th, a cyberattack on one of these temporary centers encrypted government servers, disrupting crucial services such as immigration, passport control, and event permit issuance. The attack affected over 200 government agencies, causing significant operational disruptions.
Brain Cipher Ransomware
Brain Cipher is a new player in the ransomware landscape, launching attacks on various organizations worldwide. The ransomware gang initially operated without a data leak site, but recent ransom notes now link to one, indicating a shift towards double-extortion tactics. The attackers demanded $8 million in Monero cryptocurrency for a decryptor and to prevent the leak of allegedly stolen data.
The ransomware (sample1, sample2, sample3) is created using the leaked LockBit 3.0 builder, with minor modifications. The ransom notes are named in the format of [extension].README.txt, providing brief descriptions of the attack, threats, and links to Tor negotiation and data leak sites.
New Data Leak Site
Brain Cipher, like other ransomware operations, breaches corporate networks, spreads laterally, and steals corporate data before encrypting files. The stolen data is used as leverage, threatening victims with public release if the ransom is not paid. The ransomware has recently launched a new data leak site, though it currently lists no victims.
The encryptor is based on the well-analyzed LockBit 3 encryptor, and unless Brain Cipher has made significant changes to the encryption algorithm, there are no known ways to recover files for free.
Stay informed about the latest cybersecurity threats and learn how to protect your organization from ransomware attacks with Boyang.
Related Links:
Hackers Breach 20,000 FortiGate Systems
