The Brain Cipher Gang

The ransomware gang Brain Cipher has begun leaking sensitive data stolen from Rhode Island’s RIBridges social services platform earlier in December 2024.  The integrated system, which managed healthcare, social services, and food assistance programs, served some 650,000 citizens, including minors, before being taken offline. Exposed information was confirmed by Governor McKee to contain names, addresses, birthdates, Social Security numbers, and banking details.  Screenshots also suggest that the stolen files include Oracle databases and system backups.[1]

While IT teams are investigating the breach, state officials are urging Rhode Islanders to protect themselves by freezing their critical accounts, activating MFA where possible, monitoring changes to credit charges, and watching for signs of phishing scams that exploit the stolen personally identifiable information (PII).

Brain Cipher has been active since June 2024, primarily engaging in multi-pronged extortion using a ransomware encryptor and a data leak site (DLS).  The encryptor itself is derived from the leaked LockBit 3.0 builder.  Currently, the DLS is offline, possibly due to a distributed denial-of-service (DDoS) attack, but the Brain Cipher Tor-based negotiation page remains operational.  The ransomware gang has historically targeted multiple critical industries, including entities in the medical, educational, and manufacturing fields.

Six months ago, Brain Cipher gained notoriety for targeting Indonesia’s temporary National Data Center (PDNS), designed to securely store government servers for online services and host sensitive data.  The attack caused major disruptions to core immigration, passport control, and event permitting services across over 200 government agencies.  Currently, Rhode Island has begun the process of multi-stage restoration and aims to have databases back online by mid-January while indicating that food assistance and health insurance benefits will not be delayed by the attack.  Back to pen and paper.

Link to full technical report on Brain Cipher:  TR-25-007-001_BrainCiper.pdf

[1] https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-1-6/
