Brain Cipher
Parsing : Enabled
Description
Brain Cipher ransomware surfaced in mid-2024, rapidly gaining notoriety after a high-impact attack on Indonesia’s National Data Center, which disrupted over 160 government services including immigration systems. The group operates with a double-extortion model, encrypting data using a LockBit 3.0-based payload (Salsa20/RSA hybrid) and threatening leaks via a Tor-hosted portal. Distinct behaviors include encrypting both file contents and filenames, and customizing encrypted file names with appended random extensions. Initial access methods include phishing and purchases from initial-access brokers. Ransom demands have ranged from tens of thousands up to $8 million USD, though victims have sometimes been offered decryption keys without payment. Victims span sectors such as government, healthcare, education, media, and manufacturing across Southeast Asia, Europe, and the Americas.
| External Analysis |
| https://www.sentinelone.com/anthology/brain-cipher/ |
| https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/brain-cipher |
| https://www.vectra.ai/modern-attack/threat-actors/brain-cipher |
| https://www.group-ib.com/masked-actors/brain-cipher/ |
| https://wazuh.com/blog/detecting-brain-cipher-ransomware-with-wazuh/ |
| https://www.reuters.com/technology/cybersecurity/indonesia-says-it-has-begun-recovering-data-after-major-ransomware-attack-2024-07-12/ |
| Mail |
| brain.support@cyberfear.com |
| brain.dataleak@cyberfear.com |
| brain.decrypt@cyberfear.com |
| Urls |
Screen |
| http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion/ |
Screen |
| http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/ |
Screen |
| File servers |
Screen |
| http://cuuhrxbg52c5agytmtjpwfu7mrs4xtaitc4mukkiy2kqdxeqbcmuhaid.onion/ |
|
| http://4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion/c/lgc2Yxua65agt4XMOMkQKJjsdrV2IzYk |
Screen |
| http://4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion/ |
Screen |
| http://zktnif5vckhmz5tyrukp5bamatbfhkxjnb23rspsanyzywcrx3bvtqad.onion/ |
Screen |
| http://yt7beb7fj6xbh4dndrlyvl3gn4ck36qn2oqheiqjs4bp3wspj3wgpcad.onion/ |
Screen |
| http://i6b4r6blgmm3r62zj42qxn6bvcbcrslcg6b6uwqws6xhnxz2howbhkid.onion/ |
Screen |
| http://pzghjpkm2liszmvjsttflp475zqxgrywjhr7xagc4bqfb2a7aw3qysyd.onion/ |
Screen |
| http://5v6tgs5xyuvl7kpg5b26e54kddlxdvktep2qmglawrohksv3qjwvw7qd.onion/ |
Screen |
| http://lhdv4ydjx5idzvntdrmcbwsh3dhdi3ww5hoz3ws2d5q5jlfewdacx4qd.onion/ |
Screen |
| http://oe7kcuvnulmdzir6zkewv5p353kc7qjf5tyqxfxabhzsm26pji44elqd.onion/ |
Screen |
| http://zv27q4tjvqxelm2imgztfg7gtl3v56oqabe77hiufqoqilis2dgcdsad.onion/ |
Screen |
| http://ubetdhmgnry4jk7ya7gh7p4hm4c3c57srkw62oc6hjmvvvkrqeybjjid.onion/ |
Screen |
| http://ixvarmokkir6t6fzpn7prussp3ulys66aeivrhcvrmfowqi2gi2fgryd.onion/ |
Screen |
| http://tahr6kwobsi7fj5j3hoyzxr34ipyiyuv2svhteht5td4etq23bcx7tyd.onion/ |
Screen |
| http://ncyg34lipi3w2u7yvxl3swr6wj6lsoeix3grrdsn6nmcv4r7vntanoid.onion/ |
Screen |
| http://bgpeqy3d5svuikeaueitix6zosg3pzekw77viulnucsiqsn4sjr65iyd.onion/ |
Screen |
| http://as7fbsjvifse52ek5qnptfgvkduvvnl56adb3jjgk6k3p7bisipvotyd.onion/ |
Screen |
| http://xangddavm54rgsju7iceahxztbqrcflzunffwbaswwhhftieygc4j3ad.onion/ |
Screen |
| http://q226mkoikzgyu33jin7ox3qo6tea7yhlgz52p5lslpj73edtocsz4wqd.onion/ |
Screen |
| http://hdgfvxxkepllbvqvk7vrudgwq55tg4joo4xpajaa3nv5gzpake66bnid.onion/ |
Screen |
| http://jgkgqztfmwk53wlttsjo6i3nmwtzoch2oi2bocqzb4zmp6kfspuiaead.onion/ |
Screen |
| Chat servers |
Screen |
| http://p6wmotxzvg34tdmpwm4beqgrcyp5iys43snkccsahnw74la3k3xx6pad.onion |
Screen |
| http://brain4zoadgr6clxecixffvxjsw43cflyprnpfeak72nfh664kqqriyd.onion/ |
Screen |
| http://braincgksuixxkpkme7zlpkh7u47oryxx574d74ws4eal4t2mxyahbqd.onion |
Screen |
Posts
| Date |
Title |
Description |
Screen |
| 2025-08-04 |
bw-lv.de |
|
Screen |
| 2025-07-28 |
VIRTUALWEB.US |
|
Screen |
| 2025-07-25 |
jorgefernandez.es |
|
Screen |
| 2025-05-03 |
ddecor.com |
|
Screen |
| 2025-05-03 |
ruizre.es |
|
Screen |
| 2025-05-03 |
soundtransit.org |
|
Screen |
| 2025-05-03 |
valedolobo.com |
|
Screen |
| 2025-05-03 |
edisoft.es |
|
Screen |
| 2025-05-03 |
iycsa.com.co |
|
Screen |
| 2025-04-11 |
mbmdubai.com |
|
Screen |
| 2025-02-25 |
neatem.fr | Update! |
|
Screen |
| 2025-02-19 |
Pulmonary Physicians of South Florida Clinics | Data security breach! |
|
Screen |
| 2025-02-17 |
neatem.fr |
|
Screen |
| 2025-02-17 |
Cirion Technologies |
|
Screen |
| 2024-12-23 |
It seems that it was easier to pay and calmly fix everything. |
|
Screen |
| 2024-12-17 |
Modern Dental Group Limited |
|
Screen |
| 2024-12-12 |
Estar Seguros, S.A. |
|
Screen |
| 2024-12-12 |
Cristal y Lavisa S.A. de C.V. |
|
Screen |
| 2024-12-04 |
Deloitte UK |
|
Screen |
| 2024-12-03 |
Royce Corporation |
|
Screen |
| 2024-12-02 |
G-ONE AUTO PARTS DE MÉXICO, S.A. DE C.V. |
|
Screen |
| 2024-11-13 |
COOPERATIVA TELEFONICA DE CALAFATE LTD. |
|
Screen |
| 2024-11-13 |
G-One Auto Parts de México S.A. de C.V. |
|
Screen |
| 2024-10-29 |
Berridge Manufacturing Co. |
|
Screen |
| 2024-10-28 |
K&S Tool & Mfg Co. |
|
Screen |
| 2024-10-28 |
Basilio Advogados |
|
Screen |
| 2024-10-28 |
CHRISTODOULOS G. VASSILIADES & CO. LLC |
|
Screen |
| 2024-09-22 |
hanwa.co.th |
|
Screen |
| 2024-08-28 |
rmn.fr |
|
Screen |
| 2024-08-27 |
ghanare.com |
|
Screen |
| 2024-08-21 |
beinlaw.co.il - Prof. Bein & Co. |
|
Screen |
| 2024-08-17 |
tiendasmacuto.com |
|
Screen |
| 2024-08-12 |
fabamaq.com |
|
Screen |
| 2024-08-12 |
cyceron.fr |
|
Screen |
| 2024-07-25 |
Sherbrooke Metals |
|
Screen |
| 2024-07-25 |
Apex Global | Big leak outlooks - 2tb. |
|
Screen |
| 2024-07-25 |
Cole Technologies Group |
|
Screen |
| 2024-07-25 |
Family Wealth Advisors Ltd. |
|
Screen |
| 2024-07-25 |
Mars 2 LLC |
|
Screen |
| 2024-07-03 |
Kominfo - 2 |
Very expensive advertising. |
Screen |
| 2024-07-03 |
Your advertisement |
Space for your advertising. |
Screen |
| 2024-07-02 |
Kominfo |
More important than money, only honor. |
Screen |