Ransomware Rampage: Cicada3301 Targets SMBs with ALPHV-like Tactics

Cicada3301 ransomware is targeting small and medium-sized businesses with a toolkit that reads like a villain's grocery list: PsExec for remote execution, ChaCha20 for file encryption, and even some kernel-driver trickery aimed at security tooling. With clear similarities to the now-defunct BlackCat (ALPHV), this new variant is giving cybersecurity researchers plenty of headaches and maybe a few gray hairs.


Hot Take:

Looks like the Cicada3301 ransomware is trying to be the BlackCat of the malware world – a copycat with a twist! It’s like the villainous understudy who finally got the lead role but is still using the old script.

Key Points:

  • Cicada3301 targets SMBs, is written in Rust, and gains its initial foothold by exploiting vulnerabilities.
  • It shares much of its structure and behaviour with the now-defunct BlackCat (ALPHV) ransomware.
  • The binary carries compromised user credentials and uses them with legitimate tools such as PsExec to execute on other hosts in the network.
  • Files are encrypted with the ChaCha20 stream cipher, and the ransomware disables system recovery features so victims cannot simply roll back.
  • It also has a build for VMware ESXi hosts and uses intermittent encryption for large files, encrypting only portions of the content so a run finishes faster.
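Two of the behaviours above (PsExec-driven remote execution and the destruction of recovery features) leave loud traces in process-creation telemetry, and the combination on one host is a far stronger signal than either alone. The script below is an added example and not code from the original article or from any Cicada3301 analysis: it runs a handful of assumed signatures over constructed Sysmon-style process-creation lines (host, parent, image, command line). The specific command lines it looks for (vssadmin delete shadows, bcdedit recoveryenabled no, wbadmin delete catalog, wmic shadowcopy delete) are generic ransomware tradecraft used here as assumptions, not commands the article attributes to Cicada3301.

```python
"""Hunt for PsExec remote execution and recovery-inhibition commands in
process-creation logs. Added example; signatures are assumed, generic
ransomware tradecraft and are NOT confirmed Cicada3301 indicators."""
import re
from collections import defaultdict
from typing import NamedTuple


class Finding(NamedTuple):
    host: str
    rule: str
    category: str        # "remote_exec" or "recovery_inhibit"
    commandline: str


# Constructed sample telemetry (not real Cicada3301 data). Each line is a
# flattened process-creation event: host | parent image | image | command line.
SAMPLE_LOGS = [
    r"HOST01 | services.exe | C:\Windows\PSEXESVC.exe | C:\Windows\PSEXESVC.exe",
    r"HOST01 | cmd.exe | C:\Windows\System32\vssadmin.exe | vssadmin.exe delete shadows /all /quiet",
    r"HOST01 | cmd.exe | C:\Windows\System32\bcdedit.exe | bcdedit /set {default} recoveryenabled no",
    r"HOST01 | cmd.exe | C:\Windows\System32\wbadmin.exe | wbadmin delete catalog -quiet",
    r"HOST02 | explorer.exe | C:\Windows\System32\notepad.exe | notepad.exe report.txt",
    r"HOST02 | cmd.exe | C:\Windows\System32\vssadmin.exe | vssadmin list shadows",
    r"ADMIN01 | cmd.exe | C:\Tools\PsExec.exe | PsExec.exe \\HOST01 -u CORP\svc_backup -p Hunter2! -s cmd /c C:\Temp\payload.exe",
]

# (rule name, category, regex applied to "image commandline"). Assumed signatures.
RULES = [
    # PSEXESVC.exe is the service PsExec drops on the *target* host.
    ("psexec_service_image", "remote_exec",
     re.compile(r"\\PSEXESVC\.exe\b", re.I)),
    # PsExec client invoked with a UNC target (\\host) on the *source* host.
    ("psexec_client_remote_target", "remote_exec",
     re.compile(r"\bpsexec(64)?\.exe\b.*\\\\[\w.-]+", re.I)),
    ("vssadmin_delete_shadows", "recovery_inhibit",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("wmic_shadowcopy_delete", "recovery_inhibit",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("bcdedit_recovery_disabled", "recovery_inhibit",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("wbadmin_delete_catalog", "recovery_inhibit",
     re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b", re.I)),
]

# PsExec passes credentials in clear text on the command line: -u user -p password.
PSEXEC_CREDS = re.compile(r"\s-u\s+(\S+)\s+-p\s+\S+", re.I)


def parse(line: str):
    """Split one flattened event into its four fields; None if malformed.
    Assumes '|' does not occur inside the command line itself."""
    parts = [p.strip() for p in line.split("|")]
    return tuple(parts) if len(parts) == 4 else None


def scan(lines):
    """Apply every rule to every event and collect the matches."""
    findings = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        host, _parent, image, cmdline = parsed
        haystack = f"{image} {cmdline}"
        for name, category, rx in RULES:
            if rx.search(haystack):
                findings.append(Finding(host, name, category, cmdline))
    return findings


def staging_hosts(findings):
    """Hosts showing BOTH remote execution and recovery inhibition. Admins run
    PsExec and backup jobs touch vssadmin, so each alone is noisy; together
    they look like a ransomware deployment."""
    seen = defaultdict(set)
    for f in findings:
        seen[f.host].add(f.category)
    return sorted(h for h, cats in seen.items()
                  if {"remote_exec", "recovery_inhibit"} <= cats)


def psexec_credentials(findings):
    """Accounts whose passwords were exposed on a PsExec command line; these
    are the credentials to rotate first after an incident."""
    out = []
    for f in findings:
        if f.category == "remote_exec":
            m = PSEXEC_CREDS.search(f.commandline)
            if m:
                out.append((f.host, m.group(1)))
    return out


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for f in found:
        print(f"{f.host:8} {f.category:17} {f.rule:28} {f.commandline}")
    print("likely staging hosts:", staging_hosts(SAMPLE_LOGS and found))
    print("exposed accounts:", psexec_credentials(found))
```

On the constructed data, HOST01 is the only host flagged as a staging host (PSEXESVC service plus three recovery-inhibition commands), ADMIN01 shows only the PsExec client with the CORP\svc_backup password on the command line, and HOST02's `vssadmin list shadows` correctly stays quiet. In a real estate you would feed Sysmon Event ID 1 or EDR process-creation data instead of the sample list, and treat an ESXi build as a separate hunt since none of these Windows commands apply there.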

The Nimble Nerd