Cicada3301: The New Rust-Based Ransomware Wreaking Havoc on Windows and Linux Systems. Here is what to know.


A new ransomware variant, Cicada3301, has emerged, targeting both Windows and Linux systems. This ransomware, written in Rust, has been making headlines due to its sophisticated approach and the significant threat it poses to various industries.


What is Cicada3301?

Cicada3301 is a ransomware-as-a-service (RaaS) operation that has been active since mid-June 2024. The group behind it has been promoting their services on cybercrime forums, aiming to recruit affiliates to spread their ransomware. This ransomware targets both Windows and Linux/ESXi hosts, with a particular focus on VMware ESXi systems.

How Does Cicada3301 Work?

Attackers gain access to systems by brute-forcing or stealing valid credentials. Once inside, they use remote access tools such as ScreenConnect to execute the ransomware. The ransomware then shuts down virtual machines and deletes snapshots using ESXi commands. It encrypts files with the ChaCha20 cipher, applying full encryption to files under 100 MB and intermittent (partial) encryption to larger files.
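The full-versus-intermittent split above matters for defenders because a whole-file entropy check, the classic heuristic for spotting encrypted data, under-reports a large file in which only some blocks were encrypted. The script below is an added triage example, not code from the original article or from the ransomware itself: it measures Shannon entropy per fixed-size chunk and classifies a buffer as plaintext, fully encrypted, or intermittently encrypted. The 4 KB chunk size, the 7.5 bits/byte threshold and the "every fourth chunk" pattern of the simulated sample are assumptions chosen for the demonstration, not Cicada3301's actual parameters, and random bytes stand in for real ChaCha20 output.

```python
import math
import os
from collections import Counter

# Constructed sample input (not from the article): a repetitive, low-entropy
# "document" of 22 chunks x 4096 bytes, used to build the encrypted variants.
PLAINTEXT = b"Quarterly report: revenue, costs, forecast. " * 2048

CHUNK_SIZE = 4096     # assumed analysis window, not the malware's block size
HIGH_ENTROPY = 7.5    # bits/byte; random or well-encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte (0.0 for an empty buffer)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Entropy of each consecutive chunk; the last chunk may be shorter."""
    return [shannon_entropy(data[i:i + chunk_size])
            for i in range(0, len(data), chunk_size)]


def classify(data: bytes, chunk_size: int = CHUNK_SIZE,
             threshold: float = HIGH_ENTROPY) -> str:
    """Label a buffer by how many of its chunks look encrypted."""
    ents = chunk_entropies(data, chunk_size)
    high = sum(1 for e in ents if e >= threshold)
    if high == 0:
        return "plaintext"
    if high == len(ents):
        return "fully-encrypted"
    return "intermittently-encrypted"


def simulate_full(data: bytes) -> bytes:
    """Stand-in for full encryption: every byte replaced by random output."""
    return os.urandom(len(data))


def simulate_intermittent(data: bytes, encrypt_every: int = 4,
                          chunk_size: int = CHUNK_SIZE) -> bytes:
    """Stand-in for intermittent encryption: only every Nth chunk is replaced
    by random bytes, the rest of the file is left readable."""
    out = bytearray(data)
    for idx, i in enumerate(range(0, len(data), chunk_size)):
        if idx % encrypt_every == 0:
            out[i:i + chunk_size] = os.urandom(len(out[i:i + chunk_size]))
    return bytes(out)


def triage(name: str, data: bytes) -> dict:
    """Compare the whole-file heuristic with the per-chunk verdict."""
    return {
        "name": name,
        "whole_file_entropy": round(shannon_entropy(data), 2),
        "whole_file_flag": shannon_entropy(data) >= HIGH_ENTROPY,
        "per_chunk_verdict": classify(data),
    }


if __name__ == "__main__":
    samples = [
        ("original", PLAINTEXT),
        ("full", simulate_full(PLAINTEXT)),
        ("intermittent", simulate_intermittent(PLAINTEXT)),
    ]
    for name, data in samples:
        print(triage(name, data))
```

Running the script shows the point: the intermittently encrypted sample stays below the whole-file threshold (most of its bytes are still text), so a file-level entropy rule would pass it, while the per-chunk classifier reports it as partially encrypted. In practice the chunk size and threshold need tuning against the file types in your environment, since compressed or already-encrypted formats (archives, media, PDFs with embedded streams) also score high without being ransomware output.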

Impact on Victims

Cicada3301 has already listed at least 20 victims on its leak site, primarily targeting businesses in North America and England. The affected industries include manufacturing, healthcare, retail, and hospitality. The ransomware not only encrypts data but also threatens to expose it unless a ransom is paid, adding a layer of extortion to the attack.

Technical Details

The ransomware encrypts files with a symmetric key generated by the Osrng random number generator. After encryption, the ChaCha20 symmetric key is itself encrypted with an RSA key, which is needed to decrypt the recovery instructions. Because that RSA key is held by the attackers, victims cannot easily recover their data without paying the ransom.

Mitigation and Prevention

To protect against Cicada3301, organizations should implement strong password policies and multi-factor authentication to prevent unauthorized access. Regular backups and a robust incident response plan can also help mitigate the impact of a ransomware attack. Additionally, keeping systems and software up to date with the latest security patches is crucial.

Conclusion

Cicada3301 represents a significant threat due to its advanced encryption techniques and dual targeting of Windows and Linux systems. Organizations must stay vigilant and adopt comprehensive security measures to defend against such sophisticated ransomware attacks.

