THREAT ANALYSIS: Beast Ransomware

Oct. 21, 2024, 9:53 a.m.

Description

The Beast Ransomware group, active since 2022, offers a Ransomware-as-a-Service (RaaS) platform with constant updates. It supports Windows, Linux, and ESXi systems, providing affiliates with customizable binary options. Beast employs advanced encryption methods, including Elliptic-curve and ChaCha20, and features multithreaded file encryption, process termination, shadow copy deletion, and subnet scanning. The ransomware avoids encrypting data in CIS countries and uses SMB scans for self-propagation. It targets various file formats and creates a unique mutex to prevent multiple instances. The Cybereason Defense Platform offers advanced detection and prevention features against Beast Ransomware.

External References

https://www.cybereason.com/blog/threat-analysis-beast-ransomware
https://otx.alienvault.com/pulse/6713c93713a36a29fcaaf688
Tags
linux
windows
encryption
esxi
raas
2024-10-19
geofencing
file-targeting
multithreading
beast ransomware
self-propagation
monster

Date

  • Created: Oct. 19, 2024, 2:59 p.m.
  • Published: Oct. 19, 2024, 2:59 p.m.
  • Modified: Oct. 21, 2024, 9:53 a.m.

Attack Patterns

  • Beast Ransomware
  • Monster
  • Beast Ransomware

Additional Informations

  • Moldova, Republic of
  • Belarus
  • Russian Federation