Ransomware gang Cyclops that link with LockBit and Babuk ransomware sell new malware that steals data from a network while encrypting it, effectively creating a combination of an info-stealer and ransomware. The new malware is effective on Windows, Mac OS, and Linux and boasts a user-friendly interface that could lower the bar for carrying out attacks
Researchers have uncovered the new malware being touted on dark web forums. It is capable of exfiltrate information from a target network, encrypting it, and depositing it on a server for the perpetrator of the attack to read through at their leisure.
The cybercriminal who has bought the Cyclops malware then has access to the encrypted files via a user panel which also includes a ransom section, designed to manage the negotiation and payment process.
The dark web customer will download the malware from Cyclops for a share of the profits. From that point on, they are ushered through the process via the customer interface, through which they can peruse the stolen data and demand a ransom.
It is unlikely that the purchaser of this malware will have access to much of the profits from the hack, researchers say.
Cyclops ransomware encryption logic shares similarities with Babuk ransomware, using the same types of encryption. The gang also has similar encoding techniques to LockBit. Executable strings are encoded and stored as a stack string in both the Cyclops and the LockBit ransomware.
The FBI took down a botnet called Cyclops Blink in March 2022, which may be of some relation to the current Cyclops and directly linked to Russian security force the GRU.