What’s the Cicada ransomware?
Cicada (also called Cicada3301) is refined ransomware written in Rust that has claimed greater than 20 victims since its discovery in June 2024.
Why is the ransomware referred to as Cicada?
The criminals behind Cicada seem to have named it after the mysterious Cicada 3301 puzzles posted on the web between 2012 and 2014, seemingly to recruit very smart people.Â
After all, there isn’t a purpose to imagine that the ransomware is in any style associated to the enigmatic puzzles that appeared a decade earlier than it – aside from by way of the title.
Truthful sufficient. What kind of corporations are being hit by Cicada?
In line with a weblog put up by safety researchers at Morphisec, at the least 21 corporations, predominantly in North America and the UK, have been hit by Cicada since June 18, 2024.Â
Many of the organisations affected have been small and mid-sized companies (18), with the remaining three described as enterprises. Victims have been famous in a wide range of trade sectors, together with manufacturing/industrial, healthcare, retail, and hospitality.Â
Organizations hit by the Cicada ransomware are greeted by a message telling them that attackers have downloaded their necessary information and that information on the corporate’s community have been encrypted.Â
An additional message says that the gang is ready to supply “proof that the info has been stolen” and can delete all of the stolen info and “enable you rebuild your infrastructure and stop comparable assaults sooner or later” if a cryptocurrency cost is made.
And I suppose they’ll publish the info if you happen to do not pay up?
Sure, the Cicada gang says that if a ransom is just not paid in time, then the stolen information will probably be revealed on its weblog. However additionally they say that the info will probably be despatched “to all regulatory authorities in your nation, in addition to to your prospects, companions, and opponents.”
That is a nasty menace. Do we all know who’s behind Cicada?
Though we have no idea the identities of these accountable, safety researchers say that there are putting similarities between Cicada and the ALPHV BlackCat ALPHV ransomware – which can be written in Rust.Â
Whereas there is no definitive proof, the similarities between Cicada and BlackCat, together with using Rusy, evasion strategies, and timing, recommend a potential connection.
You’ve got talked about Rust just a few occasions. What’s that?
Rust is a programming language that has develop into fashionable with ransomware builders in recent times. Specifically, ransomware teams like BlackCat and Hive have used Rust to create strains of their malware – partially as a result of it makes reverse-engineering extra difficult and as a result of difficulties some malware detection programs have in reliably detecting Rust-based ransomware by way of static evaluation.
I assumed the authorities had taken motion to disrupt the ALPHV BlackCat ransomware?
Effectively remembered. In December 2013, the US Division of Justice introduced it had disrupted the ransomware gang’s operations and seized decryption keys to assist victims unlock their information with out paying a ransom.Â
Nevertheless, that victory was short-lived. ALPHV BlackCat re-emerged, threatened retaliation in opposition to international locations that assisted with the takedown, and explicitly warned that it might assault hospitals in future.
They do not sound like a pleasant bunch.
That is placing it mildly.
What can I do to scale back the chance of Cicada and different ransomware threats attacking my organisation?
- Hold your safety software program up to date.
- Educate your staff about phishing emails and different social engineering strategies.
- Implement sturdy backup and restoration procedures.
- Monitor your setting for suspicious exercise.
- Think about using menace searching providers to proactively establish and mitigate threats.
Different greatest practices embrace creating robust, distinctive passwords, and conserving software program present. Additionally it is suggested to report ransomware assaults to CISA, a neighborhood FBI discipline workplace or a Secret Service discipline workplace.
Editor’s Be aware: The opinions expressed on this visitor writer article are solely these of the contributor and don’t essentially replicate these of Tripwire.
