Cicada3301 ransomware targets SMBs, shares code with BlackCat, exploits vulnerabilities in Windows, Linux, and ESXi systems.
Written in Rust and capable of targeting both Windows and Linux/ESXi hosts, Cicada3301 first emerged in June 2024, inviting potential affiliates to join their ransomware-as-a-service (RaaS) platform via an advertisement on the RAMP underground forum.