brain cipher
Ransomware group profile
Description
Brain Cipher Ransomware is a financially motivated cybercriminal group known for deploying sophisticated ransomware attacks on large organizations since the early 2020s. The group employs advanced tactics such as double extortion, complete network infiltration, and data exfiltration to maximize ransom payouts. Their operations have targeted sectors including healthcare and finance, demonstrating a willingness to disrupt critical services for financial gain.
Key insights
- •Targets large organizations to maximize ransom payouts.
- •Utilizes double extortion tactics, threatening data release if ransoms are not paid.
- •Employs a modified variant of the LockBit 3.0 ransomware.
- •Engages in extensive network infiltration and data exfiltration before deployment.
- •Incorporates zero-day vulnerabilities and social engineering in their attacks.
- •Ransom demands typically range from $150,000 to $8 million, primarily paid in Monero.
Threat Level & Status Breakdown
For brain cipher · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for brain cipher in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for brain cipher
- 71c109f3bf4da2fc0173b9bcff07e979
- 9c5698924d4d1881efaf88651a304cb3
- 0da1f4ede654e83241eaad7719a708a0
- 41050b2b9f619cdd9916e3bdd5b9f2f9
- 8b3a45ebb7f2331e90ac57a2a20536fd
- 714b31629c37dee57038ca4e52ef65ac
- 448f1796fe8de02194b21c0715e0a5f6
- a0efa7fb6dff1e035510ec1f42e083e4
- 8dbd57b042bc63b9ecdc9e3e5506ce85
- 523c501118ef5d7957ce54aee86d9b1d
- b32a8951fc4c2e4c2d63d17200ca0032
- f94d17b5f232e9cfd2255ca9823cb18a
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for brain cipher
T1486
T1486
T1490
T1490
T1041
T1041
T1070
T1070
T1059
T1059
T1562
T1562
T1021
T1021
T1134
T1134
T1548.002
T1548.002
T1021.001
T1021.001
T1210
T1210
T1080
T1080
Victims(24)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| anglomoil.com | — | — | Energy & Utilities | Claimed | 4 days ago | |
| alu-rex.com | — | — | Manufacturing | Data Leaked | 4 days ago | |
| squamish.net | — | — | Technology | Data Leaked | 18 days ago | |
| sheppadviser.com.au | — | AU Australia | Professional Services | Data Leaked | 29 days ago | |
| ice.org.uk | — | GB United Kingdom | Education | Data Leaked | about 1 month ago | |
| bridgeway-consulting.co.uk | — | GB United Kingdom | Professional Services | Data Leaked | about 2 months ago | |
| soundinsurance.ca | — | CA Canada | Financial Services | Data Leaked | 2 months ago | |
| endeavourautomotive.co.uk | — | GB United Kingdom | Manufacturing | Data Leaked | 2 months ago | |
| Eworldme | eworldme.com | AE United Arab Emirates | Technology | Data Leaked | 2 months ago | |
| liteline.com | — | US United States | Technology | Data Leaked | 4 months ago | |
| westonconsulting.com | — | US United States | Professional Services | Data Leaked | 4 months ago | |
| exceldor.ca | — | CA Canada | Other | Data Leaked | 4 months ago | |
| flbgroup.com | — | GB United Kingdom | Professional Services | Unknown | 5 months ago | |
| kisnet.co.jp | — | JP Japan | Technology | Unknown | 5 months ago | |
| nwlr.ca | — | CA Canada | Technology | Unknown | 5 months ago | |
| fsbgroup.ca | — | CA Canada | Financial Services | Claimed | 8 months ago | |
| semag.fr | — | FR France | Energy & Utilities | Claimed | 8 months ago | |
| axxia.fr | — | FR France | Manufacturing | Claimed | 8 months ago | |
| oxfordcounty.ca | — | CA Canada | Government & Defense | Claimed | 8 months ago | |
| cdom.org | — | US United States | Education | Claimed | 8 months ago |
Page 1 of 2
Affected countries(43)
Countries where this group has been reported to target or leak victims.