Ransomware Group Brain Cipher Targets French Museums During Olympics

The ransomware group Brain Cipher has claimed responsibility for a cyberattack on several French National Museums that took place during the Olympic Games earlier this month. The attack, which targeted institutions managed by the Réunion des Musées Nationaux – Grand Palais (RMN-GP), allegedly compromised 300 GB of data from a system used to centralize financial information. 

Despite the group’s threat to leak the stolen data, they have not yet revealed the nature of the information. The French Cybersecurity Agency (ANSSI) confirmed it was alerted to the attacks and promptly provided assistance to RMN-GP. ANSSI assured the public that the incident did not affect any systems related to the Olympic Games. Events like taekwondo and fencing, hosted by the RMN-GP, continued without disruption. RMN-GP also confirmed that there were no operational impacts, encrypted systems, or extracted data detected in connection with the attack. 

Nevertheless, the situation remains closely monitored as the countdown to the data leak continues on Brain Cipher’s blog, set to occur at 20:00 UTC. Brain Cipher is a relatively new ransomware group that first emerged in June 2023. Since then, the group has been linked to various cyberattacks targeting different sectors, including medical, educational, and manufacturing organizations, along with Indonesian government servers. Despite their activities, the group has attempted to maintain a controversial public image. 

In one case, they apologized for a cyberattack on Indonesian government servers, claiming they were acting as penetration testers rather than criminals. They even released a decryptor to restore the locked files without being pressured by the government, presenting themselves as ethical hackers or white-hat operators, although their actions and motives remain dubious. The data allegedly stolen from RMN-GP is believed to involve sensitive financial information, but no further details have been disclosed by Brain Cipher. 

The threat of releasing such a large volume of data has sparked concerns over potential exposure of confidential details, which could affect both the organization and the individuals associated with it. As the clock ticks down to the group’s proposed leak, questions are raised about the nature of the stolen data and the potential fallout from its exposure. Cyberattacks like this highlight the growing threat posed by ransomware groups to both public and private institutions worldwide. 

The incident also underscores the importance of robust cybersecurity measures, particularly during high-profile events such as the Olympic Games. Although there has been no impact on the Olympic-related systems, the attack serves as a reminder of the constant vigilance required to protect critical infrastructure and data.

Brain Cipher Ransomware Targets Indonesia's National Data Center in Major Cyberattack

A new ransomware operation known as Brain Cipher has emerged, targeting organizations worldwide. This operation recently gained media attention due to an attack on Indonesia's temporary National Data Center.

Indonesia is developing National Data Centers to securely store servers used by the government for online services and data hosting. On June 20th, one of these temporary centers was attacked, leading to the encryption of government servers. This disruption affected immigration services, passport control, event permit issuance, and other online services.

The Indonesian government confirmed that Brain Cipher, a new ransomware operation, was responsible for the attack, impacting over 200 government agencies. The attackers demanded $8 million in Monero cryptocurrency for a decryptor and to prevent the leak of allegedly stolen data.

BleepingComputer has learned from negotiation chats that the threat actors claimed they would issue a "press release" about the "quality of personal data protection" in the attack, implying that data was stolen.

Brain Cipher is a new ransomware operation that began earlier this month and has been conducting attacks on organizations worldwide. Initially, the ransomware gang did not have a data leak site, but their latest ransom notes now include links to one, indicating their use of double-extortion tactics. BleepingComputer has found numerous samples of Brain Cipher ransomware on various malware-sharing sites over the past two weeks.

These samples [1, 2, 3] were created using the leaked LockBit 3.0 builder, which has been widely used by other threat actors to launch their own ransomware operations. However, Brain Cipher has made minor modifications to the encryptor.

One change is that it not only appends an extension to encrypted files but also encrypts the file names. The encryptor also creates ransom notes named in the format of [extension].README.txt, which briefly describe the attack, make threats, and provide links to the Tor negotiation and data leak sites. In one instance seen by BleepingComputer, the ransom note deviated from the template and was named 'How To Restore Your Files.txt.'
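The naming pattern described above can be used for triage of a file listing. The following is an added example, not code from the article or from BleepingComputer: it flags both reported note names and rates a [extension].README.txt hit by how many sibling files carry the same extension. The function name, the min_files threshold, the confidence labels and the sample paths are assumptions made for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Note name format reported in the article: [extension].README.txt
NOTE_RE = re.compile(r"^(?P<ext>[A-Za-z0-9]+)\.README\.txt$")
# Off-template note name reported in the article (compared case-insensitively)
ALT_NOTE = "how to restore your files.txt"

def find_note_indicators(paths, min_files=3):
    """Group paths by directory and flag ransom-note names.

    A [extension].README.txt name alone also matches benign files, so it is
    rated "high" only when at least min_files siblings end in that extension.
    """
    by_dir = {}
    for raw in paths:
        p = PureWindowsPath(raw)
        by_dir.setdefault(str(p.parent), []).append(p.name)

    findings = []
    for folder, names in sorted(by_dir.items()):
        # Count the final extension of every file that is not itself a note.
        suffixes = Counter(
            n.rsplit(".", 1)[1] for n in names
            if "." in n and not NOTE_RE.match(n)
        )
        for name in names:
            m = NOTE_RE.match(name)
            if m:
                hits = suffixes[m.group("ext")]
                level = "high" if hits >= min_files else "low"
                findings.append((folder, name, level, hits))
            elif name.lower() == ALT_NOTE:
                findings.append((folder, name, "review", 0))
    return findings

# Constructed sample listing; the extension value is made up for illustration.
SAMPLE = [
    r"D:\finance\Zx81kQpL2.aB3dE9fGh",
    r"D:\finance\m0Tr7YwNc.aB3dE9fGh",
    r"D:\finance\Qe4HsJ9vB.aB3dE9fGh",
    r"D:\finance\aB3dE9fGh.README.txt",
    r"D:\docs\project.README.txt",
    r"D:\docs\notes.md",
    r"D:\share\How To Restore Your Files.txt",
]

if __name__ == "__main__":
    for finding in find_note_indicators(SAMPLE):
        print(finding)
```
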

Each victim receives a unique encryption ID to enter into the threat actor's Tor negotiation site. Similar to other recent ransomware operations, the negotiation site is straightforward, featuring a chat system for communication with the ransomware gang.

Brain Cipher has also launched a new data leak site, although it currently does not list any victims. In negotiations observed by BleepingComputer, the ransomware gang has demanded ransoms ranging from $20,000 to $8 million.

The encryptor, based on the leaked LockBit 3 encryptor, has been thoroughly analyzed. Unless Brain Cipher has modified the encryption algorithm, there are no known methods to recover files for free.