Threat operation behind Cicada3301 ransomware delivery examined

Newly-emergent Cicada3301 ransomware has been primarily distributed by the novel Repellent Scorpius ransomware-as-a-service operation, which has sought new affiliates since its emergence in May, according to SiliconAngle.

Attacks by Repellent Scorpius involving data theft and encryption commenced a month before the arrival of Cicada3301, and the source of the data the group acquired before the ransomware strain's emergence remains uncertain, a report from Palo Alto Networks Unit 42 showed. However, further analysis revealed that Repellent Scorpius leveraged an IP address associated with the ALPHV/BlackCat ransomware operation. These findings, which follow a Morphisec report detailing similarities between Cicada3301 and ALPHV/BlackCat, also noted that Repellent Scorpius may be ramping up its malicious operations amid ongoing recruitment of affiliates and initial access brokers. "We can expect to see attackers posting a growing list of active incidents and victims on their leak site in the near future," said researchers.
