THREAT ANALYSIS: Beast Ransomware

Oct. 21, 2024, 9:53 a.m.

Tags
linux
windows
encryption
esxi
raas
2024-10-19
geofencing
file-targeting
multithreading
beast ransomware
self-propagation
monster
External References
Description

The Beast Ransomware group, active since 2022, offers a Ransomware-as-a-Service (RaaS) platform with constant updates. It supports Windows, Linux, and ESXi systems, providing affiliates with customizable binary options. Beast employs advanced encryption methods, including Elliptic-curve and ChaCha20, and features multithreaded file encryption, process termination, shadow copy deletion, and subnet scanning. The ransomware avoids encrypting data in CIS countries and uses SMB scans for self-propagation. It targets various file formats and creates a unique mutex to prevent multiple instances. The Cybereason Defense Platform offers advanced detection and prevention features against Beast Ransomware.

Date

Published: Oct. 19, 2024, 2:59 p.m.

Created: Oct. 19, 2024, 2:59 p.m.

Modified: Oct. 21, 2024, 9:53 a.m.

Attack Patterns

Beast Ransomware

Monster

Beast Ransomware

T1078.001

T1021.002

T1078.002

T1543.003

T1135

T1490

T1119

T1489

T1486

T1016

T1106

T1083

T1047

Additional Informations

Moldova, Republic of

Belarus

Russian Federation