BrainCipher Ransomware Hits Cyceron: 100 GB of Sensitive Data at Risk
Incident Date:
August 12, 2024
Overview
Title
BrainCipher Ransomware Hits Cyceron: 100 GB of Sensitive Data at Risk
Victim
Cyceron
Attacker
BrainCypher
Location
First Reported
August 12, 2024
BrainCipher Ransomware Group Targets Cyceron: A Detailed Analysis
Cyceron, a renowned neuroscience and imaging research center located in Caen, Normandy, France, has recently fallen victim to a ransomware attack orchestrated by the BrainCipher group. The attackers have reportedly exfiltrated 100 GB of sensitive data and are threatening to release it within the next 18-19 days.
About Cyceron
Cyceron is a prominent biomedical imaging platform established in 1985 and recognized as an IBiSA (Infrastructures en Biologie, Santé et Agronomie) platform since 2007. The facility is located at the EPOPEA super-campus in Caen and serves as a critical technological base for in vivo imaging research. Cyceron hosts five research units, three companies, and one institute, employing approximately 355 staff members, including researchers, engineers, and technicians. The center is known for its advanced imaging techniques, such as MRI and PET, which are utilized for both preclinical and clinical investigations.
Cyceron operates under the umbrella of several academic institutions, including INSERM (the French National Institute of Health and Medical Research) and CNRS (the National Centre for Scientific Research). The center's contributions to neuroscience are significant, with over 1,350 publications and 50,000 citations, making it a leading biomedical platform in France.
Attack Overview
The ransomware attack on Cyceron was claimed by the BrainCipher group via their dark web leak site. The attackers have reportedly gained access to 100 GB of the organization's data, which they are threatening to release within the next 18-19 days. The attack has raised concerns about the security of sensitive research data and the potential impact on ongoing studies and collaborations.
About BrainCipher
BrainCipher is a relatively new ransomware group that emerged in early June 2023. The group gained notoriety after a high-profile attack on Indonesia’s National Data Center, which disrupted essential public services. BrainCipher primarily uses phishing and spear phishing as delivery methods and relies on initial access brokers to infiltrate target environments. The ransomware payloads are based on LockBit 3.0 and are constructed from a leaked version of the popular ransomware builder.
BrainCipher distinguishes itself by employing sophisticated persistence and evasion techniques, including hiding threads from debuggers and executing in a suspended mode. The group operates a TOR-based data leak site where they publish information about companies that fail to protect personal data adequately. Ransom notes and data leak site communications warn victims against involving third-party negotiators or law enforcement agencies.
Potential Vulnerabilities
Cyceron's extensive use of advanced imaging technologies and collaborative environment may have made it an attractive target for threat actors like BrainCipher. The reliance on interconnected systems and the handling of sensitive research data could have provided multiple entry points for the attackers. Additionally, the high value of the data stored at Cyceron, including unpublished research and proprietary imaging techniques, would be a significant leverage point for ransomware groups seeking substantial ransom payments.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.