Brain Cipher

Description

Brain Cipher ransomware surfaced in mid-2024, rapidly gaining notoriety after a high-impact attack on Indonesia’s National Data Center, which disrupted over 160 government services including immigration systems. The group operates with a double-extortion model, encrypting data using a LockBit 3.0-based payload (Salsa20/RSA hybrid) and threatening leaks via a Tor-hosted portal. Distinct behaviors include encrypting both file contents and filenames, and customizing encrypted file names with appended random extensions. Initial access methods include phishing and purchases from initial-access brokers. Ransom demands have ranged from tens of thousands up to $8 million USD, though victims have sometimes been offered decryption keys without payment. Victims span sectors such as government, healthcare, education, media, and manufacturing across Southeast Asia, Europe, and the Americas.

External Analysis
https://www.sentinelone.com/anthology/brain-cipher/
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/brain-cipher
https://www.vectra.ai/modern-attack/threat-actors/brain-cipher
https://www.group-ib.com/masked-actors/brain-cipher/
https://wazuh.com/blog/detecting-brain-cipher-ransomware-with-wazuh/
https://www.reuters.com/technology/cybersecurity/indonesia-says-it-has-begun-recovering-data-after-major-ransomware-attack-2024-07-12/

Mail
brain.support@cyberfear.com
brain.dataleak@cyberfear.com
brain.decrypt@cyberfear.com

Posts

Date        Title / Description
2025-08-04  bw-lv.de
2025-07-28  VIRTUALWEB.US
2025-07-25  jorgefernandez.es
2025-05-03  ddecor.com
2025-05-03  ruizre.es
2025-05-03  soundtransit.org
2025-05-03  valedolobo.com
2025-05-03  edisoft.es
2025-05-03  iycsa.com.co
2025-04-11  mbmdubai.com
2025-02-25  neatem.fr | Update!
2025-02-19  Pulmonary Physicians of South Florida Clinics | Data security breach!
2025-02-17  neatem.fr
2025-02-17  Cirion Technologies
2024-12-23  It seems that it was easier to pay and calmly fix everything.
2024-12-17  Modern Dental Group Limited
2024-12-12  Estar Seguros, S.A.
2024-12-12  Cristal y Lavisa S.A. de C.V.
2024-12-04  Deloitte UK
2024-12-03  Royce Corporation
2024-12-02  G-ONE AUTO PARTS DE MÉXICO, S.A. DE C.V.
2024-11-13  COOPERATIVA TELEFONICA DE CALAFATE LTD.
2024-11-13  G-One Auto Parts de México S.A. de C.V.
2024-10-29  Berridge Manufacturing Co.
2024-10-28  K&S Tool & Mfg Co.
2024-10-28  Basilio Advogados
2024-10-28  CHRISTODOULOS G. VASSILIADES & CO. LLC
2024-09-22  hanwa.co.th
2024-08-28  rmn.fr
2024-08-27  ghanare.com
2024-08-21  beinlaw.co.il - Prof. Bein & Co.
2024-08-17  tiendasmacuto.com
2024-08-12  fabamaq.com
2024-08-12  cyceron.fr
2024-07-25  Sherbrooke Metals
2024-07-25  Apex Global | Big leak outlooks - 2tb.
2024-07-25  Cole Technologies Group
2024-07-25  Family Wealth Advisors Ltd.
2024-07-25  Mars 2 LLC
2024-07-03  Kominfo - 2 Very expensive advertising.
2024-07-03  Your advertisement Space for your advertising.
2024-07-02  Kominfo More important than money, only honor.