Brain Cipher emerged in July 2024. Both Windows and Linux variants are available. Brain Cipher uses the leaked build of LockBit Black for its operations. The group is suspected to have exploited CVE-2023-28252 (Microsoft Windows CLFS Driver Privilege Escalation Vulnerability). The ransom demand ranges from $150,000 to $1,00,0000, to be paid in Monero (XMR) cryptocurrency. In 2025, the group moved its negotiation portal to a new server with a vanity Tor domain starting with 'brain'.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
/*
    BrainCipher ransomware (LockBit 3.0 variant)
*/
rule BrainCipher_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.braincipher"
        description = "Detects BrainCipher ransomware ransom note"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        $s1 = "BrainCipher" ascii nocase
        $s2 = "BRAINCIPHER" ascii
        $s3 = "braincipher.onion" ascii nocase
    condition:
        any of them
}
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\Welcome to Brain Cipher Ransomware!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\Dear managers!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\If you're reading this, it means your systems have been hacked and encrypted and your data stolen.\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours.\\\\\\
\\\\\\\\\\\\\In order for it to be successful, you must follow a few points:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\1.Don't go to the police, etc.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\2.Do not attempt to recover data on your own.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\3.Do not take the help of third-party data recovery companies.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\In most cases, they are scammers who will pay us a ransom and take a % for themselves.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\If you violate any 1 of these points, we will refuse to cooperate with you!!!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\
\\ ATTENTION!!! If you do not contact us within 48 hours, we will post the record on our website:
\\
\\
\\ [redacted]
\\
\\
\\
\\ 3 steps to data recovery:
\\
\\
\\ 1. Download and install Tor Browser ([redacted]
\\
\\ 2. Go to our support page: [redacted]
\\ ******* This page can take up to 30 minutes to load.
\\
\\ 3. Enter your encryption ID: [snip]
\\
\\
\\ Email to support: [redacted]
\\
\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
_ _
| | (_)
| |__ _ __ __ _ _ _ __
| '_ \| '__/ _` | | '_ \
| |_) | | | (_| | | | | |
|_.__/|_| \__,_|_|_| |_|
,--""-.
(_,=- )
`---#{
`}
[AI generated] squamish.net appears to be an internet service provider and telecommunications company operating in Squamish, British Columbia, Canada. It offers broadband internet connectivity and related services to residential and business customers in the Squamish region. The company serves as a local ISP, providing connectivity solutions to the Sea-to-Sky Corridor area of British Columbia, positioning itself within the Canadian telecommunications and internet services industry.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| squamish.net | CA | Not Found | — | 1 Jun 2026 |
| iycsa.com.co | CO | Not Found | — | 5 May 2025 |
| Estar Seguros, S.A. | MX | Financial Services | — | 12 Dec 2024 |
| Cristal y Lavisa S.A. de C.V. | MX | Manufacturing | — | 12 Dec 2024 |
| G-ONE AUTO PARTS DE MÉXICO, S.A. DE C.V. | MX | Manufacturing | — | 2 Dec 2024 |
| COOPERATIVA TELEFONICA DE CALAFATE LTD. | AR | Business Services | — | 13 Nov 2024 |
| G-One Auto Parts de México S.A. de C.V. | MX | Manufacturing | — | 13 Nov 2024 |
| Basilio Advogados | BR | Business Services | — | 28 Oct 2024 |
| tiendasmacuto.com | VE | Business Services | — | 17 Aug 2024 |
| fabamaq.com | AR | Manufacturing | — | 12 Aug 2024 |
The addresses of the leak sites (.onion) are known but are neither published nor linked. Only public metadata is shown.
[AI generated] Estar Seguros, S.A. is an insurance company that specializes in providing a range of insurance products and services. It focuses on offering tailored solutions to meet the diverse needs of its clients, including auto, home, and life insurance. The company is known for its customer-centric approach, competitive pricing, and reliable coverage options, aiming to deliver peace of mind and financial protection.
[AI generated] Cristal y Lavisa S.A. de C.V. is a Mexican company specializing in the production and distribution of glass products. Known for its high-quality glassware, the company serves various industries, including construction, automotive, and consumer goods. With a focus on innovation and customer satisfaction, Cristal y Lavisa has established a strong presence in the domestic and international markets.
[AI generated] G-ONE Auto Parts de México, S.A. de C.V. is a company based in Mexico specializing in the distribution and sale of automotive parts. It caters to a wide range of vehicles, providing high-quality components and accessories to meet the needs of both individual customers and businesses. The company is known for its commitment to customer satisfaction and reliable service within the automotive industry.
[AI generated] COOPERATIVA TELEFONICA DE CALAFATE LTD. is a telecommunications cooperative based in El Calafate, Argentina. It provides a range of services including telephony, internet, and other communication solutions to the local community. As a cooperative, it operates with a focus on member needs and community development, emphasizing service quality and accessibility.