The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia’s temporary National Data Center.
Indonesia is building out National Data Centers to securely store servers used by the government for online services and data hosting.
On June 20th, one of the temporary National Data Centers suffered a cyberattack that encrypted the government’s servers and disrupted immigration services, passport control, issuing of event permits, and other online services.
The government confirmed that a new ransomware operation, Brain Cipher, was behind the attack, disrupting over 200 government agencies.
Brain Cipher demanded $8 million in the Monero cryptocurrency to receive a decryptor and not leak allegedly stolen data.
BleepingComputer has learned that the threat actors have stated in the negotiation chat that they are issuing a “press release” about the “quality of personal data protection” in the attack, likely indicating that data was stolen.
Who is Brain Cipher
Brain Cipher is a new ransomware operation launched earlier this month, conducting attacks on organizations worldwide.
While the ransomware gang initially launched without a data leak site, their latest ransom notes now link to one, indicating that data is stolen in attacks and will be used in double-extortion schemes.
BleepingComputer is aware of numerous samples of the Brain Cipher ransomware uploaded to various malware-sharing sites over the past two weeks.
These samples [1, 2, 3] were created using the leaked LockBit 3.0 builder, which other threat actors heavily abused to launch their own ransomware operations.
However, Brain Cipher has made some minor changes to the encryptor.
One of those changes is that it not only appends an extension to the encrypted file but also encrypts the file name, as shown below.
The encryptor will also create ransom notes named in the format of [extension].README.txt, as shown below. These ransom notes briefly describe what happened, make threats, and link to the Tor negotiation and data leak sites.
In one note seen by BleepingComputer, the threat actor deviated a bit from the template and used the file name ‘How To Restore Your Files.txt.’
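The note-naming pattern described above lends itself to a simple file-listing check. The following is an added example, not code from the article or from BleepingComputer: it flags directories holding a note named [extension].README.txt next to several files carrying that same extension, and separately reports the deviating note name. The function names, the `min_files` threshold, and the sample paths and extension are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from pathlib import PurePosixPath

# File name the article reports seeing in one note that deviated from the template.
ALT_NOTE_NAME = "how to restore your files.txt"
NOTE_SUFFIX = ".README.txt"


def find_ransom_note_hits(paths, min_files=3):
    """Return {directory: extension} for directories that look encrypted.

    A directory is flagged when it holds a note named <extension>.README.txt
    and at least `min_files` other files ending in .<extension>.
    min_files is an assumed tuning threshold, not a value from the article.
    """
    ext_counts = defaultdict(Counter)   # directory -> Counter of file extensions
    notes = defaultdict(set)            # directory -> candidate note extensions
    for raw in paths:
        p = PurePosixPath(raw)
        directory, name = str(p.parent), p.name
        if name.endswith(NOTE_SUFFIX) and len(name) > len(NOTE_SUFFIX):
            notes[directory].add(name[: -len(NOTE_SUFFIX)])
        elif p.suffix:
            ext_counts[directory][p.suffix[1:]] += 1
    hits = {}
    for directory, candidates in notes.items():
        for ext in candidates:
            if ext_counts[directory][ext] >= min_files:
                hits[directory] = ext
    return hits


def find_alt_notes(paths):
    """Return paths whose file name matches the deviating note name."""
    return [p for p in paths if PurePosixPath(p).name.lower() == ALT_NOTE_NAME]


# Constructed listing: extension "x7k2qm9ab" and all names are made up for the demo.
SAMPLE = [
    "/srv/share/x7k2qm9ab.README.txt",
    "/srv/share/Qz81LmPa.x7k2qm9ab",
    "/srv/share/b0RtYw2e.x7k2qm9ab",
    "/srv/share/Hn55TcVx.x7k2qm9ab",
    "/srv/docs/project.README.txt",   # benign: no files ending in .project
    "/srv/docs/report.docx",
    "/srv/hr/How To Restore Your Files.txt",
]

if __name__ == "__main__":
    print(find_ransom_note_hits(SAMPLE))
    print(find_alt_notes(SAMPLE))
```

Correlating the note name with sibling file extensions keeps ordinary files such as project.README.txt from triggering the check on their own.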
Each victim has a unique encryption ID that is entered into the threat actor’s Tor negotiation site. Like many other recent ransomware operations, the negotiation site is pretty simple, just including a chat system that the victim can use to communicate with the ransomware gang.
New data leak site launched
Like other ransomware operations, Brain Cipher will breach a corporate network and spread laterally to other devices. Once the threat actors gain Windows domain admin credentials, they deploy the ransomware throughout the network.
However, before encrypting files, the threat actors will steal corporate data for leverage in their extortion attempts, warning victims that it will be publicly released if a ransom is not paid.
Brain Cipher is no different and has recently launched a new data leak site that does not currently list any victims.
From negotiations seen by BleepingComputer, the ransomware gang has demanded ransoms ranging between $20,000 and $8 million.
As the encryptor is based on the leaked LockBit 3 encryptor, it has been thoroughly analyzed in the past, and unless Brain Cipher tweaked the encryption algorithm, there are no known ways to recover files for free.