Cicada linked to ALPHV ransomware says report

A new ransomware, identified as Cicada 3301, is currently making waves on the internet, targeting both Windows and Linux systems. Security researchers from endpoint protection firm Morphisec Inc. have uncovered this malware, suggesting it may be linked to the notorious BlackCat or ALPHV ransomware families.

Cicada3301 is written in Rust and named after the complex Cicada Puzzle, a nod to its intricate nature. This ransomware specifically targets small to medium-sized businesses by exploiting vulnerabilities in SMB (Server Message Block) protocols and demands payment in Monero or Bitcoin for a decryption key.

According to Morphisec researchers, the rebranding and potential connections to Russian-funded ransomware-as-a-service operations might be strategies to evade detection by law enforcement agencies. As international cybercrime units improve their tracking capabilities and even monitor blockchain transactions, hackers are devising new methods to spread ransomware and extract payments from victims.

One common tactic is to launch new ransomware variants under different names while employing the same extortion methods: infiltrating networks, encrypting files, and demanding ransom for their release. This approach not only opens new avenues for criminals but also complicates efforts for law enforcement to track and apprehend them.

This pattern mirrors strategies seen in drug and human trafficking, where criminal organizations frequently introduce new members and methods to evade capture.

In a related development, the US Department of Health announced a reward of up to $10 million in February 2024 for information leading to the capture of the leaders behind the BlackCat ransomware. Meanwhile, in March 2024, the ALPHV gang announced plans to cease operations in response to a ransomware attack on Change Healthcare, raising questions about the group’s motivations and future actions.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display