Ransomware Awareness – New Ransomware Group “Cicada3301” Surfaces with Connections to ALPHV Network

Security researchers have identified a new ransomware group named “Cicada3301,” linked to the ALPHV/BlackCat variant and the Brutus botnet. Cicada3301 has been observed targeting VMware ESXi environments, aiming to disrupt virtual machines by shutting them down, deleting snapshots, and encrypting data. The group’s first data leak site post appeared on June 25, followed by an invitation for new affiliates to join on the cybercrime forum Ramp. WaterISAC is sharing for broader awareness of threat actor groups and tactics. The initial attack reportedly involved the threat actor accessing systems using valid credentials obtained through theft or brute force, linking them to the Brutus botnet, known for its password-guessing campaigns on various VPN solutions. Researchers speculate about possible connections between ALPHV and Cicada3301, though the original creators of Cicada3301 have distanced themselves from this new group. For more information, visit Infosecurity Magazine.