Brain Cipher

Compare

Parsing: enabled

Description

Brain Cipher ransomware surfaced in mid-2024, rapidly gaining notoriety after a high-impact attack on Indonesia’s National Data Center, which disrupted over 160 government services including immigration systems. The group operates with a double-extortion model, encrypting data using a LockBit 3.0-based payload (Salsa20/RSA hybrid) and threatening leaks via a Tor-hosted portal. Distinct behaviors include encrypting both file contents and filenames, and customizing encrypted file names with appended random extensions. Initial access methods include phishing and purchases from initial-access brokers. Ransom demands have ranged from tens of thousands up to $8 million USD, though victims have sometimes been offered decryption keys without payment. Victims span sectors such as government, healthcare, education, media, and manufacturing across Southeast Asia, Europe, and the Americas.

External Analysis6

External Analysis
https://www.sentinelone.com/anthology/brain-cipher/
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/brain-cipher
https://www.vectra.ai/modern-attack/threat-actors/brain-cipher
https://www.group-ib.com/masked-actors/brain-cipher/
https://wazuh.com/blog/detecting-brain-cipher-ransomware-with-wazuh/
https://www.reuters.com/technology/cybersecurity/indonesia-says-it-has-begun-recovering-data-after-major-ransomware-attack-2024-07-12/

Mail3

Mail
brain.support@cyberfear.com
brain.dataleak@cyberfear.com
brain.decrypt@cyberfear.com

Urls2

Url	Status	Screen	Uptime 30d	Health
http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion/	Down		—
http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/	Down		0%

File servers22

Url	Status	Uptime 30d
http://cuuhrxbg52c5agytmtjpwfu7mrs4xtaitc4mukkiy2kqdxeqbcmuhaid.onion/	Down	—
http://4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion/c/lgc2Yxua65agt4XMOMkQKJjsdrV2IzYk	Up	33%
http://4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion/	Down	33%
http://zktnif5vckhmz5tyrukp5bamatbfhkxjnb23rspsanyzywcrx3bvtqad.onion/	Up	67%
http://yt7beb7fj6xbh4dndrlyvl3gn4ck36qn2oqheiqjs4bp3wspj3wgpcad.onion/	Down	0%
http://i6b4r6blgmm3r62zj42qxn6bvcbcrslcg6b6uwqws6xhnxz2howbhkid.onion/	Up	0%
http://pzghjpkm2liszmvjsttflp475zqxgrywjhr7xagc4bqfb2a7aw3qysyd.onion/	Down	0%
http://5v6tgs5xyuvl7kpg5b26e54kddlxdvktep2qmglawrohksv3qjwvw7qd.onion/	Up	33%
http://lhdv4ydjx5idzvntdrmcbwsh3dhdi3ww5hoz3ws2d5q5jlfewdacx4qd.onion/	Down	33%
http://oe7kcuvnulmdzir6zkewv5p353kc7qjf5tyqxfxabhzsm26pji44elqd.onion/	Down	0%
http://zv27q4tjvqxelm2imgztfg7gtl3v56oqabe77hiufqoqilis2dgcdsad.onion/	Up	33%
http://ubetdhmgnry4jk7ya7gh7p4hm4c3c57srkw62oc6hjmvvvkrqeybjjid.onion/	Up	0%
http://ixvarmokkir6t6fzpn7prussp3ulys66aeivrhcvrmfowqi2gi2fgryd.onion/	Up	67%
http://tahr6kwobsi7fj5j3hoyzxr34ipyiyuv2svhteht5td4etq23bcx7tyd.onion/	Down	0%
http://ncyg34lipi3w2u7yvxl3swr6wj6lsoeix3grrdsn6nmcv4r7vntanoid.onion/	Down	33%
http://bgpeqy3d5svuikeaueitix6zosg3pzekw77viulnucsiqsn4sjr65iyd.onion/	Up	33%
http://as7fbsjvifse52ek5qnptfgvkduvvnl56adb3jjgk6k3p7bisipvotyd.onion/	Up	67%
http://xangddavm54rgsju7iceahxztbqrcflzunffwbaswwhhftieygc4j3ad.onion/	Down	0%
http://q226mkoikzgyu33jin7ox3qo6tea7yhlgz52p5lslpj73edtocsz4wqd.onion/	Up	33%
http://hdgfvxxkepllbvqvk7vrudgwq55tg4joo4xpajaa3nv5gzpake66bnid.onion/	Down	100%
http://jgkgqztfmwk53wlttsjo6i3nmwtzoch2oi2bocqzb4zmp6kfspuiaead.onion/	Down	67%
http://zke5xim35cfolmq2h5i5sfmcoxr4pbpkfjwtq5lf6o4zo7avfcvnb5qd.onion/	Up	67%

Chat servers3

Url	Status	Uptime 30d
http://p6wmotxzvg34tdmpwm4beqgrcyp5iys43snkccsahnw74la3k3xx6pad.onion	Down	—
http://brain4zoadgr6clxecixffvxjsw43cflyprnpfeak72nfh664kqqriyd.onion/	Down	0%
http://braincgksuixxkpkme7zlpkh7u47oryxx574d74ws4eal4t2mxyahbqd.onion	Down	100%

Activity (interactive) 48

Posts48

Date	Title	Description
2025-10-30	fsbgroup.ca
2025-10-30	semag.fr
2025-10-30	axxia.fr
2025-10-20	oxfordcounty.ca
2025-10-20	cdom.org
2025-09-16	bmsi.org
2025-08-04	bw-lv.de
2025-07-28	VIRTUALWEB.US
2025-07-25	jorgefernandez.es
2025-05-03	ddecor.com
2025-05-03	ruizre.es
2025-05-03	soundtransit.org
2025-05-03	valedolobo.com
2025-05-03	edisoft.es
2025-05-03	iycsa.com.co
2025-04-11	mbmdubai.com
2025-02-25	neatem.fr \| Update!
2025-02-19	Pulmonary Physicians of South Florida Clinics \| Data security breach!
2025-02-17	neatem.fr
2025-02-17	Cirion Technologies
2024-12-23	It seems that it was easier to pay and calmly fix everything.
2024-12-17	Modern Dental Group Limited
2024-12-12	Estar Seguros, S.A.
2024-12-12	Cristal y Lavisa S.A. de C.V.
2024-12-04	Deloitte UK
2024-12-03	Royce Corporation
2024-12-02	G-ONE AUTO PARTS DE MÉXICO, S.A. DE C.V.
2024-11-13	COOPERATIVA TELEFONICA DE CALAFATE LTD.
2024-11-13	G-One Auto Parts de México S.A. de C.V.
2024-10-29	Berridge Manufacturing Co.
2024-10-28	K&S Tool & Mfg Co.
2024-10-28	Basilio Advogados
2024-10-28	CHRISTODOULOS G. VASSILIADES & CO. LLC
2024-09-22	hanwa.co.th
2024-08-28	rmn.fr
2024-08-27	ghanare.com
2024-08-21	beinlaw.co.il - Prof. Bein & Co.
2024-08-17	tiendasmacuto.com
2024-08-12	fabamaq.com
2024-08-12	cyceron.fr
2024-07-25	Sherbrooke Metals
2024-07-25	Apex Global \| Big leak outlooks - 2tb.
2024-07-25	Cole Technologies Group
2024-07-25	Family Wealth Advisors Ltd.
2024-07-25	Mars 2 LLC
2024-07-03	Kominfo - 2	Very expensive advertising.
2024-07-03	Your advertisement	Space for your advertising.
2024-07-02	Kominfo	More important than money, only honor.