The Cicada ransomware group, also known as Cicada3301, has emerged as a significant cybersecurity threat since its discovery in June 2024.
Operating as a ransomware-as-a-service (RaaS) model, the group enables affiliates to carry out attacks while sharing profits with the core team.
Known for its sophisticated tactics and advanced encryption techniques, Cicada3301 has targeted businesses across critical sectors, primarily in the US and UK.
Recent Victims Announced
On February 4, 2025, the group added four new victims to its dark web leak portal:
- Southeastern Surveying and Mapping Corp (USA)
- Rivers Casino (USA) – Previously targeted by Akira ransomware in August 2023.
- Asterra (USA)
- Caliente Construction Inc (USA)
These organizations span industries ranging from construction to entertainment, highlighting the group’s indiscriminate targeting strategy.
Ransomware Techniques and Impact
According to the post from FalconFeeds.io, Cicada3301 employs double-extortion tactics, where sensitive data is exfiltrated before encryption.

Victims face threats of data leaks in addition to system lockouts if ransom demands are not met.
The ransomware is written in Rust, enabling multi-platform functionality across Windows, Linux, VMware ESXi servers, and even less common architectures like PowerPC.
Its encryption combines the ChaCha20 stream cipher with RSA, with configurable encryption modes intended to optimize impact.
The group’s operations are further bolstered by a sophisticated affiliate program.
Affiliates gain access to a web interface for victim management and communication while sharing 20% of ransom payments with the core group.
Connection to BlackCat/ALPHV Ransomware
Cicada3301 shares striking similarities with the BlackCat ransomware family. Both groups use similar toolsets for shadow copy deletion, virtual machine shutdowns, and encryption methods.
Security researchers suggest that Cicada3301 may have evolved from BlackCat’s codebase or developers.
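The shadow copy deletion mentioned above is one of the more detectable steps in a ransomware run, because it relies on a small set of well-known administrative commands. The following is an added example (not code from the article or from FalconFeeds.io) that scans constructed process-creation log lines for those commands. The log format, host names, user names and the regex patterns are assumptions for illustration; the patterns cover commonly documented shadow copy deletion methods rather than anything attributed to Cicada3301 specifically.

```python
import re
from typing import Dict, List

# Detection rules (assumed, not from the article) for commonly documented
# shadow copy deletion commands. Each rule is (name, compiled regex).
SHADOW_COPY_RULES = [
    ("vssadmin_delete",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("vssadmin_resize",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("powershell_win32_shadowcopy",
     re.compile(r"win32_shadowcopy\b.*\bdelete\(\)", re.I)),
]

# Constructed sample log: "timestamp | host | user | command line".
# Line 4 (vssadmin list shadows) is benign and must not alert.
SAMPLE_LOG = r"""
2025-02-04T08:12:03Z | WS-0142 | corp\jdoe | "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
2025-02-04T08:12:05Z | WS-0142 | corp\jdoe | C:\Windows\System32\notepad.exe C:\Users\jdoe\notes.txt
2025-02-04T08:13:40Z | SRV-FS01 | NT AUTHORITY\SYSTEM | wmic.exe shadowcopy delete /nointeractive
2025-02-04T08:14:01Z | SRV-FS01 | corp\backupsvc | vssadmin.exe list shadows
2025-02-04T08:15:22Z | WS-0077 | corp\asmith | powershell.exe -nop -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split one 'ts | host | user | command' record into its fields.

    The command line may itself contain ' | ', so split at most three times.
    """
    parts = line.split(" | ", 3)
    if len(parts) != 4:
        raise ValueError(f"malformed log line: {line!r}")
    timestamp, host, user, command = (p.strip() for p in parts)
    return {"timestamp": timestamp, "host": host, "user": user, "command": command}


def match_rule(command: str):
    """Return the name of the first rule the command line matches, else None."""
    for name, pattern in SHADOW_COPY_RULES:
        if pattern.search(command):
            return name
    return None


def scan(log_text: str) -> List[Dict[str, str]]:
    """Scan a block of log lines and return one alert per matching record.

    Shadow copy commands are also issued by legitimate backup tooling, so the
    alert keeps host and user so an analyst can correlate with the process
    ancestry and the account that ran it before escalating.
    """
    alerts = []
    for raw in log_text.strip().splitlines():
        if not raw.strip():
            continue
        record = parse_line(raw)
        rule = match_rule(record["command"])
        if rule:
            alerts.append({"rule": rule, **record})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"[{alert['rule']}] {alert['timestamp']} host={alert['host']} "
              f"user={alert['user']} cmd={alert['command']}")
```

Run against the constructed sample, the scanner raises three alerts (the vssadmin delete, the wmic delete and the PowerShell WMI delete) and correctly ignores the `vssadmin list shadows` inventory command. In a real deployment the same rules would be fed from Sysmon event ID 1 or Windows Security event 4688 command lines, and the host and user fields are what make it possible to separate a scheduled backup job from an interactive session that has no business touching shadow copies.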
Mitigation and Response Strategies
Organizations are urged to adopt robust cybersecurity measures to mitigate ransomware risks:
- Implement Multi-Factor Authentication (MFA): Prevent unauthorized access through compromised credentials.
- Segment Networks: Separate IT and operational networks to limit malware spread.
- Regular Backups: Ensure critical data is backed up securely and frequently.
- Incident Response Plans: Develop and practice comprehensive response strategies for potential attacks.
The addition of new victims by Cicada3301 underscores the persistent threat posed by ransomware groups leveraging advanced techniques and affiliate-driven models.
Organizations must remain vigilant and proactive in their cybersecurity efforts to counter these evolving threats.