BrainCipher

Ransomware group profile

22Victims

63Impact score

Description

Brain Cipher Ransomware is a financially motivated cybercriminal group known for deploying sophisticated ransomware attacks on large organizations since the early 2020s. The group employs advanced tactics such as double extortion, complete network infiltration, and data exfiltration to maximize ransom payouts. Their operations have targeted sectors including healthcare and finance, demonstrating a willingness to disrupt critical services for financial gain.

Key insights

•Targets large organizations to maximize ransom payouts.
•Utilizes double extortion tactics, threatening data release if ransoms are not paid.
•Employs a modified variant of the LockBit 3.0 ransomware.
•Engages in extensive network infiltration and data exfiltration before deployment.
•Incorporates zero-day vulnerabilities and social engineering in their attacks.
•Ransom demands typically range from $150,000 to $8 million, primarily paid in Monero.

Industries

Education Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Technology

Threat Level & Status Breakdown

For BrainCipher · Based on incidents in selected period

3threat level

Aggressiveness6/ 10

Lethality0/ 10

Criticality3/ 10

Status Breakdown

Claimed100.0%22

First seenJul 2025

Last seenJun 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for BrainCipher in the selected period

22Total attacks

12peak in May

3.7avg / month

↓ 1 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for BrainCipher

mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion

View full IOC feed1 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for BrainCipher

Other

T1486

T1490

T1041

T1070

T1059

T1562

T1021

T1134

T1548.002

T1021.001

T1210

T1080

Victims(22)

Company	Domain	Country	Industry	Status	Discovered
squamish.net	squamish.net	CA Canada	Technology	Claimed	2 days ago
sheppadviser.com.au	sheppadviser.com.au	AU Australia	Professional Services	Claimed	13 days ago
ice.org.uk	ice.org.uk	GB United Kingdom	Education	Claimed	23 days ago
flbgroup.com	flbgroup.com	GB United Kingdom	Manufacturing	Claimed	about 1 month ago
kisnet.co.jp	kisnet.co.jp	JP Japan	Technology	Claimed	about 1 month ago
nwlr.ca	nwlr.ca	CA Canada	Technology	Claimed	about 1 month ago
liteline.com	liteline.com	CA Canada	Manufacturing	Claimed	about 1 month ago
westonconsulting.com	westonconsulting.com	US United States	Professional Services	Claimed	about 1 month ago
exceldor.ca	exceldor.ca	CA Canada	Other	Claimed	about 1 month ago
soundinsurance.ca	soundinsurance.ca	CA Canada	Financial Services	Claimed	about 1 month ago
endeavourautomotive.co.uk	endeavourautomotive.co.uk	GB United Kingdom	Manufacturing	Claimed	about 1 month ago
eworldme.com	eworldme.com	AE United Arab Emirates	Technology	Claimed	about 1 month ago
bridgeway-consulting.co.uk	bridgeway-consulting.co.uk	GB United Kingdom	Professional Services	Claimed	about 1 month ago
fsbgroup.ca	fsbgroup.ca	CA Canada	Financial Services	Claimed	7 months ago
semag.fr	semag.fr	FR France	Technology	Claimed	7 months ago
axxia.fr	axxia.fr	FR France	Technology	Claimed	7 months ago
oxfordcounty.ca	oxfordcounty.ca	CA Canada	Government & Defense	Claimed	8 months ago
cdom.org	cdom.org	US United States	Education	Claimed	8 months ago
bmsi.org	bmsi.org	US United States	Healthcare	Claimed	9 months ago
bw-lv.de	bw-lv.de	DE Germany	Healthcare	Claimed	10 months ago

Page 1 of 2