TLDR:
- A new ransomware variant called Cicada3301 has emerged, targeting small to medium-sized businesses through opportunistic attacks.
- Written in Rust, Cicada3301 can target both Windows and Linux/ESXi hosts, using techniques similar to the now-defunct BlackCat operation.

Cybersecurity researchers have identified a new ransomware variant known as Cicada3301 that targets small to medium-sized businesses through opportunistic attacks that exploit vulnerabilities. Written in Rust, it can target both Windows and Linux/ESXi hosts and shares similarities with the now-defunct BlackCat operation. The ransomware emerged in June 2024, inviting potential affiliates to join its ransomware-as-a-service platform. One distinctive aspect is that the executable embeds compromised user credentials, which it uses to run legitimate tools such as PsExec remotely. Cicada3301 also uses encryption techniques, file extensions, and tools similar to BlackCat's, indicating a possible connection. The ransomware aims to encrypt files larger than 100 MB without shutting down the virtual machines they run on. Its emergence has prompted a non-political movement associated with cryptographic puzzles to clarify that it is not connected to the ransomware scheme.