BlackCat Spinoff ‘Cicada3301’ Uses Stolen Creds on the Fly, Skirts EDR

September 3, 2024 at 10:23AM

Cicada3301, a new ransomware, has evolved from the infamous 4chan puzzle project. It has already compromised 21 companies, mainly in Europe and North America. With advanced features and similarities to BlackCat ransomware, it poses a significant threat. Its stealth tactics and obfuscation have raised concerns, emphasizing the need for robust cybersecurity measures.

The article highlights the emergence of a new ransomware tool called Cicada3301, which shares notable similarities with the BlackCat ransomware-as-a-service (RaaS) operation but adds features that make its encryption process smoother and more deliberate. Cicada3301 has been used to compromise 21 companies, ranging from large enterprises to small businesses across various industries, primarily in Europe and North America. The ransomware distinguishes itself by customizing its encryption process, using stolen credentials to infiltrate systems, and bypassing endpoint detection and response (EDR) protections. Notably, its authors appear to have rapidly improved its obfuscation, so that newer samples go undetected by antivirus products. Companies should treat Cicada3301 as a live threat and take the necessary precautions to protect their data and systems against such ransomware attacks.