Ransomware Rampage: Cicada3301 Targets SMBs with ALPHV-like Tactics
Cicada3301 ransomware is targeting small to medium-sized businesses with a toolkit that reads like a villain’s grocery list—PsExec, ChaCha20 encryption, and even some driver-bypassing wizardry. With similarities to the defunct BlackCat, this new variant is giving cybersecurity researchers plenty of headaches and maybe a few…

Hot Take:
Looks like the Cicada3301 ransomware is trying to be the BlackCat of the malware world – a copycat with a twist! It’s like the villainous understudy who finally got the lead role but is still using the old script.
Key Points:
- Cicada3301 targets SMBs through vulnerabilities and is written in Rust.
- It shares many similarities with the now-defunct BlackCat (ALPHV) ransomware.
- The ransomware embeds compromised user credentials and uses legitimate tools like PsExec for remote execution.
- Cicada3301 uses the ChaCha20 encryption method and disables system recovery features.
- The ransomware also targets VMware ESXi systems and uses intermittent encryption for large files.