Brain Cipher

7/33 degraded parser

Compare Crypto

61posts (all time)

3last 30 days

1last 7 days

20% avg uptime 30d

Activity · last 30 days last post 2026-06-01 17:49

Parsing: enabled

View crypto

Description

Brain Cipher ransomware surfaced in mid-2024, rapidly gaining notoriety after a high-impact attack on Indonesia’s National Data Center, which disrupted over 160 government services including immigration systems. The group operates with a double-extortion model, encrypting data using a LockBit 3.0-based payload (Salsa20/RSA hybrid) and threatening leaks via a Tor-hosted portal. Distinct behaviors include encrypting both file contents and filenames, and customizing encrypted file names with appended random extensions. Initial access methods include phishing and purchases from initial-access brokers. Ransom demands have ranged from tens of thousands up to $8 million USD, though victims have sometimes been offered decryption keys without payment. Victims span sectors such as government, healthcare, education, media, and manufacturing across Southeast Asia, Europe, and the Americas.

External Analysis6

External Analysis
https://www.sentinelone.com/anthology/brain-cipher/
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/brain-cipher
https://www.vectra.ai/modern-attack/threat-actors/brain-cipher
https://www.group-ib.com/masked-actors/brain-cipher/
https://wazuh.com/blog/detecting-brain-cipher-ransomware-with-wazuh/
https://www.reuters.com/technology/cybersecurity/indonesia-says-it-has-begun-recovering-data-after-major-ransomware-attack-2024-07-12/

Mail3

Mail
brain.support@cyberfear.com
brain.dataleak@cyberfear.com
brain.decrypt@cyberfear.com

Urls2

Url	Status	Screen	Uptime 30d	Health
http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion/	Down		0%
http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/	Up		100%

File servers28

Url	Status	Uptime 30d
http://cuuhrxbg52c5agytmtjpwfu7mrs4xtaitc4mukkiy2kqdxeqbcmuhaid.onion/	Down	0%
http://4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion/c/lgc2Yxua65agt4XMOMkQKJjsdrV2IzYk	Down	0%
http://4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion/	Down	0%
http://zktnif5vckhmz5tyrukp5bamatbfhkxjnb23rspsanyzywcrx3bvtqad.onion/	Down	0%
http://yt7beb7fj6xbh4dndrlyvl3gn4ck36qn2oqheiqjs4bp3wspj3wgpcad.onion/	Down	0%
http://i6b4r6blgmm3r62zj42qxn6bvcbcrslcg6b6uwqws6xhnxz2howbhkid.onion/	Down	0%
http://pzghjpkm2liszmvjsttflp475zqxgrywjhr7xagc4bqfb2a7aw3qysyd.onion/	Down	0%
http://5v6tgs5xyuvl7kpg5b26e54kddlxdvktep2qmglawrohksv3qjwvw7qd.onion/	Down	0%
http://lhdv4ydjx5idzvntdrmcbwsh3dhdi3ww5hoz3ws2d5q5jlfewdacx4qd.onion/	Down	0%
http://oe7kcuvnulmdzir6zkewv5p353kc7qjf5tyqxfxabhzsm26pji44elqd.onion/	Down	0%
http://zv27q4tjvqxelm2imgztfg7gtl3v56oqabe77hiufqoqilis2dgcdsad.onion/	Down	0%
http://ubetdhmgnry4jk7ya7gh7p4hm4c3c57srkw62oc6hjmvvvkrqeybjjid.onion/	Down	0%
http://ixvarmokkir6t6fzpn7prussp3ulys66aeivrhcvrmfowqi2gi2fgryd.onion/	Down	0%
http://tahr6kwobsi7fj5j3hoyzxr34ipyiyuv2svhteht5td4etq23bcx7tyd.onion/	Down	0%
http://ncyg34lipi3w2u7yvxl3swr6wj6lsoeix3grrdsn6nmcv4r7vntanoid.onion/	Down	0%
http://bgpeqy3d5svuikeaueitix6zosg3pzekw77viulnucsiqsn4sjr65iyd.onion/	Down	0%
http://as7fbsjvifse52ek5qnptfgvkduvvnl56adb3jjgk6k3p7bisipvotyd.onion/	Down	0%
http://xangddavm54rgsju7iceahxztbqrcflzunffwbaswwhhftieygc4j3ad.onion/	Down	0%
http://q226mkoikzgyu33jin7ox3qo6tea7yhlgz52p5lslpj73edtocsz4wqd.onion/	Down	0%
http://hdgfvxxkepllbvqvk7vrudgwq55tg4joo4xpajaa3nv5gzpake66bnid.onion/	Down	0%
http://jgkgqztfmwk53wlttsjo6i3nmwtzoch2oi2bocqzb4zmp6kfspuiaead.onion/	Down	0%
http://zke5xim35cfolmq2h5i5sfmcoxr4pbpkfjwtq5lf6o4zo7avfcvnb5qd.onion/	Down	0%
http://3frnhzcnlkjnw5q3tm6elzizinm2k3bmrtf2xwqjzpcxzeqwn2tv6wyd.onion/	Up	97%
http://6ft2dfh26wm3w44orpjcgviutvfp25ez2iyh5ego5egvfmifrws7vvqd.onion/	Up	93%
http://zijgmuqjzb6dc7pofxhtaiz36qqyg35lhutybmzaz6whzgei2casjgid.onion/	Up	93%
http://inzk64xcf3sm6qzkehmio7piwhkslhnab3rlviniyg7alcgsxvy7kcyd.onion/	Up	97%
http://upiqcdsgvh6v5owteasjzyxbj2xug574dj4fctthehd7zjq7wmuxbwqd.onion/	Up	93%
http://psv5ejeysrncs6ltu4pkjyazswcmw3atmxi4eg44a6luudin5ufchcqd.onion/	Up	97%

Chat servers3

Url	Status	Uptime 30d
http://p6wmotxzvg34tdmpwm4beqgrcyp5iys43snkccsahnw74la3k3xx6pad.onion	Down	0%
http://brain4zoadgr6clxecixffvxjsw43cflyprnpfeak72nfh664kqqriyd.onion/	Down	0%
http://braincgksuixxkpkme7zlpkh7u47oryxx574d74ws4eal4t2mxyahbqd.onion	Down	0%

Activity (interactive) 61

Posts61

Date	Title	Description
2026-06-01	squamish.net	We have a lot of confidential documents. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com
2026-05-21	sheppadviser.com.au	We have more 350GB of data. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com
2026-05-12	ice.org.uk	We have more 1TB of data. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com
2026-04-25	bridgeway-consulting.co.uk	We have 500GB of data. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com
2026-04-06	soundinsurance.ca	We have 500GB of data. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com
2026-04-06	endeavourautomotive.co.uk	We have 150GB of data. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com
2026-04-06	eworldme.com	We have 300GB of data. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com
2026-03-05	liteline.com	We have 350GB of data. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com
2026-03-05	westonconsulting.com	We have 800GB of data. If you think you are here by mistake, please contact us at brain.dataleak@cyberfear.com
2026-02-19	exceldor.ca	We have about 1.5 TB of data from the company's servers. We will publish some of it in the near future. If you think you are here by mistake, please contact us at brain.dataleak@cy...
2026-01-22	flbgroup.com
2026-01-22	kisnet.co.jp
2026-01-22	nwlr.ca
2025-10-30	fsbgroup.ca
2025-10-30	semag.fr
2025-10-30	axxia.fr
2025-10-20	oxfordcounty.ca
2025-10-20	cdom.org
2025-09-16	bmsi.org
2025-08-04	bw-lv.de
2025-07-28	VIRTUALWEB.US
2025-07-25	jorgefernandez.es
2025-05-03	ddecor.com
2025-05-03	ruizre.es
2025-05-03	soundtransit.org
2025-05-03	valedolobo.com
2025-05-03	edisoft.es
2025-05-03	iycsa.com.co
2025-04-11	mbmdubai.com
2025-02-25	neatem.fr \| Update!
2025-02-19	Pulmonary Physicians of South Florida Clinics \| Data security breach!
2025-02-17	neatem.fr
2025-02-17	Cirion Technologies
2024-12-23	It seems that it was easier to pay and calmly fix everything.
2024-12-17	Modern Dental Group Limited
2024-12-12	Estar Seguros, S.A.
2024-12-12	Cristal y Lavisa S.A. de C.V.
2024-12-04	Deloitte UK
2024-12-03	Royce Corporation
2024-12-02	G-ONE AUTO PARTS DE MÉXICO, S.A. DE C.V.
2024-11-13	COOPERATIVA TELEFONICA DE CALAFATE LTD.
2024-11-13	G-One Auto Parts de México S.A. de C.V.
2024-10-29	Berridge Manufacturing Co.
2024-10-28	K&S Tool & Mfg Co.
2024-10-28	Basilio Advogados
2024-10-28	CHRISTODOULOS G. VASSILIADES & CO. LLC
2024-09-22	hanwa.co.th
2024-08-28	rmn.fr
2024-08-27	ghanare.com
2024-08-21	beinlaw.co.il - Prof. Bein & Co.
2024-08-17	tiendasmacuto.com
2024-08-12	fabamaq.com
2024-08-12	cyceron.fr
2024-07-25	Sherbrooke Metals
2024-07-25	Apex Global \| Big leak outlooks - 2tb.
2024-07-25	Cole Technologies Group
2024-07-25	Family Wealth Advisors Ltd.
2024-07-25	Mars 2 LLC
2024-07-03	Kominfo - 2	Very expensive advertising.
2024-07-03	Your advertisement	Space for your advertising.
2024-07-02	Kominfo	More important than money, only honor.