Brain Cipher

About

New to the scene, Brain Cipher emerged halfway through last year. These Masked Actors quickly gained attention for their sophisticated RaaS model, following a large cyberattack on Indonesia’s national data center — disrupting services like customs and immigration. Brain Cipher’s $8 Million ransom demand indicates significant financial ambitions.

Active since

June 2024

Primary targets

Disruption to national infrastructure

Motivation

Based on activities so far, financial gain using double-extortion tactics (both encrypting data and threatening to release sensitive information).

Heritage

Evidence suggests links to other ransomware groups (possible rebrand of EstateRansomware)

Learn more about Brain Cipher from Group-IB’s research

Deciphering the Brain Cipher Ransomware

Patch or Peril: A Veeam vulnerability incident

Victims

Typically, organizations with substantial public visibility — such as national data centers and critical infrastructure entities. Brain Cipher targets industries like government, law enforcement, and the military.

What we know about Brain Cipher members

Links with other notorious RaaS groups suggest these members may be part of a larger cybercriminal network, or even operate as contracted criminals. It’s likely they all share infrastructure.