Peris.ai Analyst Talks About Brain Cipher Ransomware And Its Attack Method

Display of data encryption from Brain Cipher (photo: Peris.ai)

JAKARTA - Peris.ai, a group of practitioners with professional experience in cybersecurity, revealed in more detail about the Cipher Brain ransomware that has attacked the Temporary National Data Center since last June 20.

Based on its analysis, these attacks were sent via phishing campaigns, and often used fraudulent emails to trick recipients into downloading and running malicious files.

Once inside the network, ransomware will use various tactics to increase privileges, avoid defense, and gain access to sensitive information.

"For example, he used Windows Command Shell for execution and passed user account control for privilege escalation," wrote Peris.ai in an analysis on its official website.

The ransomware discovery tactics include Google scanning, system information discovery, and software discovery. This allows ransomware to map the infected environment and identify high-value targets for encrypted.

Credential access is an important aspect of the Brain Cipher method. This ransomware steals web session cookies, credentials from web browsers, and credentials stored in files, providing attackers with information needed to further infiltrate the network or extract data.

Finally, the impact of this ransomware is data encryption, which makes victim data inaccessible until the ransom is paid. As is currently happening in our PDNS.

Mitigation and Response

To reduce the threat posed by Brain Cipher Ransomware and similar attacks, Peris.ai recommends that organizations adopt a layered security approach, including:

Email security: Applying strong email security solutions to detect and block phishing attempts.

User Training: Regularly train employees to recognize and report phishing emails.

Endpoint security: Using advanced endpoint protection to detect and prevent malware execution.

Network Segmentation: Separate systems and data is important to limit the spread of ransomware.

Reserve Solutions: Maintain critical data backups regularly and ensure that backups are stored safely and offline.

Incident Response Planning: Develop and update the planned incident response regularly to ensure a quick and effective response to ransomware attacks.