Intel Name: Threat assessment: repellent scorpius, distributors of cicada3301 ransomware
Date of Scan: September 11, 2024
Impact: High
Summary: Repellent Scorpius is a recently surfaced ransomware-as-a-service (RaaS) group that deploys Cicada3301 ransomware. The group seems to have first appeared in May 2024, initiating a multi-extortion campaign. This report, derived from Unit 42 Incident Response engagements, offers a technical examination of the ransomware used by the Repellent Scorpius group. It also details additional tactics, techniques, and procedures (TTPs) observed during the attack.