New ALPHV-like ransomware targets VMware ESXi servers

Truesec researchers recently discovered a new ransomware-as-a-service group called Cicada3301. The gang provides its affiliates with a dual-extortion platform that combines ransomware with a data-leak component. According to the research report, Cicada3301 first appeared in June 2024 and targets both Windows hosts and Linux/ESXi hosts.

Similarity to ALPHV

In their analysis, security researchers found that this group has similarities to the defunct cybergang ALPHV (also known as BlackCat), noting that both Cicada3301 and ALPHV ransomware are written in Rust and use ChaCha20 encryption. They also use nearly identical commands to shut down VMs and delete snapshots, and “both use ui command parameters to provide a graphical result for encryption,” the researchers wrote.

The group takes its name from Cicada 3301, an infamous “internet mystery” involving three sets of puzzles that were published online from 2012 to 2014.
