The PolySwarm Blog

BrainCipher Ransomware

Oct 21, 2024 12:07:07 PM / by The Hivemind

Related Families: LockBit 3.0
Verticals Targeted: Media, Insurance, Legal Services, Healthcare, Retail, Software, Construction, Manufacturing, Real Estate, Education, Government 

Executive Summary

BrainCipher ransomware, which was first observed in June 2024, is an emerging threat. BrainCipher is based on the leaked LockBit 3.0 builder and is functionally similar to LockBit 3.0.  

Key Takeaways

  • BrainCipher is a ransomware family that has been active since June 2024. 
  • BrainCipher is based on the leaked LockBit 3.0 builder, and its technical functionality closely resembles LockBit 3.0.
  • BrainCipher uses multi-pronged extortion, demanding a ransom to decrypt encrypted files and threatening to sell or leak stolen data if the ransom is not paid. 
  • PolySwarm analysts consider BrainCipher to be an emerging threat. 

What is BrainCipher?

BrainCipher, also spelled BrainCypher, is a ransomware family that has been active since June 2024. BrainCipher, which targets Windows environments, is primarily delivered via phishing and spearphishing. Additionally, the threat actors behind BrainCipher use initial access brokers to obtain access to target environments. 

BrainCipher is based on the leaked LockBit 3.0 builder, and its technical functionality closely resembles LockBit 3.0. When the malware is executed, BrainCipher attempts to disable Windows Security services. BrainCipher appends an extension to each encrypted file and also encrypts the filename.

BrainCipher uses multi-pronged extortion, demanding a ransom to decrypt encrypted files and threatening to sell or leak stolen data if the ransom is not paid. Victims are instructed to contact the threat actors via email or a TOR-based portal. 

PolySwarm analysts consider BrainCipher to be an emerging threat. While BrainCipher is a relatively new ransomware family, it has already claimed a number of victims across multiple verticals, including media, insurance, legal services, healthcare, education, retail, software, construction, manufacturing, real estate, and government. BrainCipher has targeted entities in India, Europe, Israel, South America, Africa, Indonesia, and the US. So far, the ransomware’s highest-profile victim has been Indonesia’s National Data Center. The incident, which carried a ransom demand of $8 million USD, led to significant disruptions in government services.

IOCs

PolySwarm has multiple samples of BrainCipher.

 

7d67c8711b4cad0f585604ff3f9f8f40359e4f8e1524e152f50159b0f56d0952

6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417

eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12

 

You can use the following CLI command to search for all BrainCipher samples in our portal:

$ polyswarm link list -f BrainCipher

 


Topics: Threat Bulletin, Ransomware, Lockbit 3.0, Emerging Threat, BrainCipher, BrainCypher
