07 Brain Cipher

Brain Cipher

Region

Asia-Pacific,

Europe,

Latin America,

North America

Industries

Energy & Utilities,

Financial Services,

Government,

Manufacturing,

Retail & eCommerce

First seen

June 2024

Cybercrime

Disruption to national infrastructure

Heritage

Evidence suggests links to other ransomware groups (possible rebrand of EstateRansomware)

Categorizations

Ransomware-as-a-Service (RaaS)

About

New to the scene, Brain Cipher emerged halfway through last year. These Masked Actors quickly gained attention for their sophisticated RaaS model, following a large cyberattack on Indonesia’s national data center — disrupting services like customs and immigration. Brain Cipher’s $8 Million ransom demand indicates significant financial ambitions.

Learn more about Brain Cipher from Group-IB’s research

Deciphering the Brain Cipher Ransomware

Patch or Peril: A Veeam vulnerability incident

Victims

Typically, organizations with substantial public visibility — such as national data centers and critical infrastructure entities. Brain Cipher targets industries like government, law enforcement, and the military.

What we know about Brain Cipher members

Links with other notorious RaaS groups suggest these members may be part of a larger cybercriminal network, or even operate as contracted criminals. It’s likely they all share infrastructure.

Motivations

Based on activities so far, financial gain using double-extortion tactics (both encrypting data and threatening to release sensitive information).