THREAT ANALYSIS: Beast Ransomware
Oct. 21, 2024, 9:53 a.m.
Description
The Beast Ransomware group, active since 2022, offers a Ransomware-as-a-Service (RaaS) platform with constant updates. It supports Windows, Linux, and ESXi systems, providing affiliates with customizable binary options. Beast employs advanced encryption methods, including elliptic-curve cryptography and ChaCha20, and features multithreaded file encryption, process termination, shadow copy deletion, and subnet scanning. The ransomware avoids encrypting data in CIS countries and uses SMB scans for self-propagation. It targets various file formats and creates a unique mutex to prevent multiple instances from running. The Cybereason Defense Platform offers advanced detection and prevention features against Beast Ransomware.
Date
Published: Oct. 19, 2024, 2:59 p.m.
Created: Oct. 19, 2024, 2:59 p.m.
Modified: Oct. 21, 2024, 9:53 a.m.
Attack Patterns
Beast Ransomware
Monster
T1078.001
T1021.002
T1078.002
T1543.003
T1135
T1490
T1119
T1489
T1486
T1016
T1106
T1083
T1047
Additional Information
Moldova, Republic of
Belarus
Russian Federation