Fabamaq Hit by BrainCipher Ransomware: 1 TB Data at Risk

Incident Date: August 12, 2024

Overview

Victim: FABAMAQ

Attacker: BrainCipher

Location: Porto, Portugal

First Reported: August 12, 2024

BrainCipher Ransomware Group Targets Fabamaq: A Detailed Analysis

Fabamaq, a prominent software house based in Porto, Portugal, specializing in the development of innovative casino games, has recently fallen victim to a ransomware attack by the notorious BrainCipher group. The attackers claim to have accessed 1 TB of the company's organizational data and have threatened to publish it within 18-19 days.

About Fabamaq

Founded in 2010, Fabamaq has grown from a small startup to a significant player in the gaming industry, employing over 230 individuals. The company is known for its diverse range of gaming products, including bingos, slots, table games, and crash games, designed for both land-based and online casinos. With a strong emphasis on innovation and creativity, Fabamaq has launched over 250 games and operates in multiple global markets. The company prides itself on fostering a human-centered culture that emphasizes collaboration and shared success among its team members, referred to as "Gamers."

Attack Overview

The BrainCipher ransomware group has claimed responsibility for the attack on Fabamaq via their dark web leak site. The attackers allege that they have exfiltrated 1 TB of sensitive organizational data and have issued a threat to publish this data within 18-19 days if their demands are not met. This attack highlights the vulnerabilities that even well-established companies like Fabamaq face in the ever-evolving landscape of cyber threats.

About BrainCipher Ransomware Group

BrainCipher emerged in early June and quickly gained notoriety following a high-profile attack on Indonesia’s National Data Center. The group primarily uses phishing and spear phishing as their delivery methods and relies on initial access brokers to infiltrate target environments. Their ransomware payloads are based on LockBit 3.0, utilizing a leaked version of the popular ransomware builder. BrainCipher is known for encrypting files and appending a distinctive file extension, as well as encrypting file names to increase the complexity of decryption.
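The behavior described above, where one process rewrites many files with a replaced name and a new shared extension, can be watched for in file-rename telemetry. The sketch below is an added example, not part of the original report or any vendor tooling; the event tuple layout, the thresholds and the sample events are constructed assumptions, and the extension shown is a placeholder rather than BrainCipher's actual extension.

```python
import ntpath
from collections import defaultdict, deque

WINDOW_SECONDS = 10  # assumed tuning value
MIN_RENAMES = 5      # assumed tuning value


def is_suspicious_rename(old_path, new_path):
    """True when both the file name stem and the extension were replaced."""
    old_stem, old_ext = ntpath.splitext(ntpath.basename(old_path))
    new_stem, new_ext = ntpath.splitext(ntpath.basename(new_path))
    if not new_ext or new_ext.lower() == old_ext.lower():
        return False
    # Log rotation and save-from-temp renames keep the old stem as a prefix.
    return not new_stem.lower().startswith(old_stem.lower())


def find_rename_bursts(events):
    """events: time-ordered (epoch_seconds, pid, old_path, new_path) tuples.

    Returns {(pid, new_extension): peak suspicious renames in one window}
    for every group that reaches MIN_RENAMES within WINDOW_SECONDS.
    """
    windows = defaultdict(deque)
    alerts = {}
    for ts, pid, old, new in events:
        if not is_suspicious_rename(old, new):
            continue
        key = (pid, ntpath.splitext(new)[1].lower())
        win = windows[key]
        win.append(ts)
        while ts - win[0] > WINDOW_SECONDS:
            win.popleft()
        if len(win) >= MIN_RENAMES:
            alerts[key] = max(alerts.get(key, 0), len(win))
    return alerts


# Constructed sample events: log rotation, an editor save, a slow batch
# job, and one process replacing six names with a shared new extension.
_DIR = "C:\\work\\"
_DOCS = ["budget.xlsx", "notes.txt", "plan.docx", "scan.pdf", "photo.jpg", "db.sqlite"]
_RAND = ["kQ3xZp9", "Zr81LmQ", "pW0aYt4", "Hs6DnV2", "b7XcE5u", "Tq9JfK3"]
SAMPLE_EVENTS = sorted(
    [(100.0, 900, _DIR + "app.log", _DIR + "app.log.1"),
     (100.2, 1200, _DIR + "report.tmp", _DIR + "report.docx")]
    + [(101.0 + 0.4 * i, 4321, _DIR + d, _DIR + n + ".a1B2c3D4e")
       for i, (d, n) in enumerate(zip(_DOCS, _RAND))]
    + [(100.0 + 20 * i, 777, f"{_DIR}in{i}.csv", f"{_DIR}out{i}.dat")
       for i in range(5)]
)

if __name__ == "__main__":
    print(find_rename_bursts(SAMPLE_EVENTS))
```

Only the process that replaces both names and extensions in a tight burst is reported; the rotation, editor and slow batch renames stay below the threshold.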

Penetration and Distinguishing Features

BrainCipher employs sophisticated techniques to evade detection and maintain persistence within compromised systems. These techniques include hiding threads from debuggers, executing in a suspended mode, and enabling debug and security privileges. The group also operates a TOR-based data leak site where they publish information about companies that fail to protect personal data adequately. Their ransom notes and data leak site contain similar language, warning victims against involving third-party negotiators or law enforcement agencies.

Potential Vulnerabilities

Fabamaq's focus on innovation and rapid growth may have inadvertently created vulnerabilities that threat actors like BrainCipher can exploit. The company's extensive global operations and large volume of sensitive data make it an attractive target for ransomware groups. Additionally, the reliance on a collaborative and creative work environment may pose challenges in maintaining stringent cybersecurity measures across all levels of the organization.
