ciphbit

Firma de detección defensiva para este grupo (úsala en tu EDR/SIEM). Fuente: ransomware.live.

/*
ciphbit ransomware
*/

rule ciphbit_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.ciphbit"
        description = "Detects ciphbit ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70

    strings:
        $name1 = "ciphbit" ascii nocase
        $name2 = "CIPHBIT" ascii
        $onion  = "ciphbit.onion" ascii nocase

    condition:
        any of them
}

# CiphBit Locker
All of Your Files And Network Have Been Strongly Secured By CiphBit Locker !
##################################
## Your Decryption ID: [snip  ] ##
##################################
1) Action Required:
	• Install Tor Browser via [redactado]
	• Enter CiphBit Tor Site: [redactado]
	• After Logging in, set your password and wait for the response.
2) Critical Instructions:
	• Do Not Modify or attempt to rename the encrypted files. This may lead to permanent data loss.
	• Do Not Share this information or breach details with any third party. This could be illogical.
	• You have a strict 48-hour window to take action. Failure to do so will result in the publication of your sensitive information on our blog, which may have serious consequences.
3) Additional Links:
	• CiphBit Tor Data Leak Blog: [redactado]
	• How To Buy Bitcoin: [redactado]
	• Tor Browser: [redactado]

• https://www.ransomware.live/group/ciphbit
• https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/ciphbit
• https://www.pcrisk.com/removal-guides/27862-ciphbit-ransomware
• https://www.hookphish.com/blog/ransomware-group-ciphbit-hits-iptelecom-gmbh/
• https://cyberpress.org/ciphbit-ransomware-attack/