Atomsilo
Known to be a RaaS
Description
AtomSilo emerged in September 2021 and had ceased operations by the end of 2021. It operated a double-extortion model, combining file encryption with data exfiltration and the threat of leaking stolen data. The malware uses a hybrid encryption scheme: AES-256 encrypts the files, and RSA-4096 protects the AES key. Encrypted files receive the extension .ATOMSILO. Ransom notes use filenames such as README-FILE-{computer name}-{timestamp}.hta or ATOMSILO-README.hta. Structurally and operationally, AtomSilo closely resembles the LockFile ransomware and is attributed to the Chinese state-linked actor BRONZE STARLIGHT (aka Cinnamon Tempest, DEV-0401, Emperor Dragonfly, SLIME34); the ransomware activity likely served as a smokescreen for espionage-driven data theft. Victims spanned multiple industries and countries, with extortion demands reaching up to $1 million USD. For initial access the group exploited the Atlassian Confluence vulnerability CVE-2021-26084, and it used DLL side-loading to deploy the payload stealthily.
External Analysis
https://chuongdong.com/reverse%20engineering/2021/10/13/AtomSiloRansomware/
https://decoded.avast.io/threatintel/decryptor-for-atomsilo-and-lockfile-ransomware/
https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/
https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
https://twitter.com/siri_urz/status/1437664046556274694?s=20
https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself
https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
https://www.zscaler.com/blogs/security-research/atomsilo-ransomware-enters-league-double-extortion
Urls
http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion
http://l5cjga2ksw6rxumu5l4xxn3cmahhi2irkbwg3amx6ajroyfmfgpfllid.onion/list.html
Posts
Date       | Title
2021-12-30 | Tegravendas
2021-12-29 | Cristália - Indústria Farmacêutica
2021-12-21 | Tegravendas
2021-12-21 | Eisai Co., Ltd.
2021-12-21 | LIGHT CONVERSION
2021-12-21 | Cristália - Indústria Farmacêutica