BrainCipher
Ransomware group profile
Description
Brain Cipher Ransomware is a financially motivated cybercriminal group known for deploying sophisticated ransomware attacks on large organizations since the early 2020s. The group employs advanced tactics such as double extortion, complete network infiltration, and data exfiltration to maximize ransom payouts. Their operations have targeted sectors including healthcare and finance, demonstrating a willingness to disrupt critical services for financial gain.
Key insights
- Targets large organizations to maximize ransom payouts.
- Utilizes double extortion tactics, threatening data release if ransoms are not paid.
- Employs a modified variant of the LockBit 3.0 ransomware.
- Engages in extensive network infiltration and data exfiltration before deployment.
- Incorporates zero-day vulnerabilities and social engineering in their attacks.
- Ransom demands typically range from $150,000 to $8 million, primarily paid in Monero.
Intelligence
IOCs, YARA/Sigma rules, and related families for BrainCipher
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for BrainCipher
- T1486
- T1490
- T1041
- T1070
- T1059
- T1562
- T1021
- T1134
- T1548.002
- T1021.001
- T1210
- T1080
Victims (24)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| alu-rex.com | alu-rex.com | AT Austria | Manufacturing | Claimed | 4 days ago |
| anglomoil.com | anglomoil.com | GB United Kingdom | Energy & Utilities | Claimed | 4 days ago |
| squamish.net | squamish.net | CA Canada | Technology | Claimed | 18 days ago |
| sheppadviser.com.au | sheppadviser.com.au | AU Australia | Professional Services | Claimed | 29 days ago |
| ice.org.uk | ice.org.uk | GB United Kingdom | Education | Claimed | about 1 month ago |
| flbgroup.com | flbgroup.com | GB United Kingdom | Manufacturing | Claimed | about 2 months ago |
| kisnet.co.jp | kisnet.co.jp | JP Japan | Technology | Claimed | about 2 months ago |
| nwlr.ca | nwlr.ca | CA Canada | Technology | Claimed | about 2 months ago |
| liteline.com | liteline.com | CA Canada | Manufacturing | Claimed | about 2 months ago |
| westonconsulting.com | westonconsulting.com | US United States | Professional Services | Claimed | about 2 months ago |
| exceldor.ca | exceldor.ca | CA Canada | Other | Claimed | about 2 months ago |
| soundinsurance.ca | soundinsurance.ca | CA Canada | Financial Services | Claimed | about 2 months ago |
| endeavourautomotive.co.uk | endeavourautomotive.co.uk | GB United Kingdom | Manufacturing | Claimed | about 2 months ago |
| eworldme.com | eworldme.com | AE United Arab Emirates | Technology | Claimed | about 2 months ago |
| bridgeway-consulting.co.uk | bridgeway-consulting.co.uk | GB United Kingdom | Professional Services | Claimed | about 2 months ago |
| fsbgroup.ca | fsbgroup.ca | CA Canada | Financial Services | Claimed | 8 months ago |
| semag.fr | semag.fr | FR France | Technology | Claimed | 8 months ago |
| axxia.fr | axxia.fr | FR France | Technology | Claimed | 8 months ago |
| oxfordcounty.ca | oxfordcounty.ca | CA Canada | Government & Defense | Claimed | 8 months ago |
| cdom.org | cdom.org | US United States | Education | Claimed | 8 months ago |
Affected countries (43)
Countries where this group has been reported to target or leak victims.