Brain Cipher
Description
Brain Cipher ransomware surfaced in mid-2024, rapidly gaining notoriety after a high-impact attack on Indonesia’s National Data Center, which disrupted over 160 government services including immigration systems. The group operates with a double-extortion model, encrypting data using a LockBit 3.0-based payload (Salsa20/RSA hybrid) and threatening leaks via a Tor-hosted portal. Distinct behaviors include encrypting both file contents and filenames, and customizing encrypted file names with appended random extensions. Initial access methods include phishing and purchases from initial-access brokers. Ransom demands have ranged from tens of thousands up to $8 million USD, though victims have sometimes been offered decryption keys without payment. Victims span sectors such as government, healthcare, education, media, and manufacturing across Southeast Asia, Europe, and the Americas.
External Analysis (6)
| External Analysis |
|---|
| https://www.sentinelone.com/anthology/brain-cipher/ |
| https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/brain-cipher |
| https://www.vectra.ai/modern-attack/threat-actors/brain-cipher |
| https://www.group-ib.com/masked-actors/brain-cipher/ |
| https://wazuh.com/blog/detecting-brain-cipher-ransomware-with-wazuh/ |
| https://www.reuters.com/technology/cybersecurity/indonesia-says-it-has-begun-recovering-data-after-major-ransomware-attack-2024-07-12/ |
Mail (3)
| Mail |
|---|
| brain.support@cyberfear.com |
| brain.dataleak@cyberfear.com |
| brain.decrypt@cyberfear.com |
Urls (2)
File servers (22)
Chat servers (3)
Posts (54)
| Title | Description |
|---|---|
| liteline.com | We have 350GB of data. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com |
| westonconsulting.com | We have 800GB of data. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com |
| exceldor.ca | We have about 1.5 TB of data from the company's servers. We will publish some of it in the near future. If you think you are here by mistake, please contact us at brain.dataleak@cy... |
| flbgroup.com | |
| kisnet.co.jp | |
| nwlr.ca | |
| fsbgroup.ca | |
| semag.fr | |
| axxia.fr | |
| oxfordcounty.ca | |
| cdom.org | |
| bmsi.org | |
| bw-lv.de | |
| VIRTUALWEB.US | |
| jorgefernandez.es | |
| ddecor.com | |
| ruizre.es | |
| soundtransit.org | |
| valedolobo.com | |
| edisoft.es | |
| iycsa.com.co | |
| mbmdubai.com | |
| neatem.fr | Update! |
| Pulmonary Physicians of South Florida Clinics | Data security breach! |
| neatem.fr | |
| Cirion Technologies | |
| It seems that it was easier to pay and calmly fix everything. | |
| Modern Dental Group Limited | |
| Estar Seguros, S.A. | |
| Cristal y Lavisa S.A. de C.V. | |
| Deloitte UK | |
| Royce Corporation | |
| G-ONE AUTO PARTS DE MÉXICO, S.A. DE C.V. | |
| COOPERATIVA TELEFONICA DE CALAFATE LTD. | |
| G-One Auto Parts de México S.A. de C.V. | |
| Berridge Manufacturing Co. | |
| K&S Tool & Mfg Co. | |
| Basilio Advogados | |
| CHRISTODOULOS G. VASSILIADES & CO. LLC | |
| hanwa.co.th | |
| rmn.fr | |
| ghanare.com | |
| beinlaw.co.il - Prof. Bein & Co. | |
| tiendasmacuto.com | |
| fabamaq.com | |
| cyceron.fr | |
| Sherbrooke Metals | |
| Apex Global | Big leak outlooks - 2tb. |
| Cole Technologies Group | |
| Family Wealth Advisors Ltd. | |
| Mars 2 LLC | |
| Kominfo - 2 | Very expensive advertising. |
| Your advertisement | Space for your advertising. |
| Kominfo | More important than money, only honor. |