Kasseika

Description

Kasseika is a ransomware variant first publicly reported in January 2024, identified as a new evolution of the BlackMatter/LockBit ransomware codebase. The malware appends the .kasseika extension to encrypted files and uses a double-extortion model, combining file encryption with threats to publish stolen data on a Tor-based leak site. Early analysis revealed that Kasseika shares several traits with LockBit 3.0, including encryption routines, obfuscation methods, and ransom note structure, but with modified branding and negotiation portals. Initial access vectors have not been widely confirmed, though patterns from related ransomware suggest the use of compromised credentials, RDP exploitation, and vulnerabilities in public-facing services. Victims have been observed in North America, Europe, and Asia, spanning industries like manufacturing, logistics, and professional services.

External Analysis
https://www.bleepingcomputer.com/news/security/new-kasseika-ransomware-emerges-with-links-to-blackmatter-lockbit/
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware.html
https://asec.ahnlab.com/en/60537/
Urls
Screen
File servers
Screen
Chat servers
Screen
Admin servers
Screen