
BrainCipher

Known ransomware group
Dormant / low-volume

Brain Cipher emerged in July 2024. Both Windows and Linux variants are available. Brain Cipher uses the leaked build of LockBit Black for its operations. The group is suspected to have exploited CVE-2023-28252 (Microsoft Windows CLFS Driver Privilege Escalation Vulnerability). The ransom demand ranges from $150,000 to $1,00,0000, to be paid in Monero (XMR) cryptocurrency. In 2025, the group moved its negotiation portal to a new server with a vanity Tor domain starting with 'brain'.

Total Claims: 1
Critical: 0
Records Claimed
Industries Hit: 1

Active span: May 11, 2026 – May 11, 2026 · 1 organization targeted

Activity 1.9 Severity 2.5 Sectors 2.3 Tooling 1.0

Actor Threat Profile

Activity Timeline

Peak: May 2026 (1)


Top Targeted Industries

Education 1

Tradecraft & Infrastructure

Documented tools: 0
MITRE tactics / techniques: 4 / 5
Known leak sites: 8

Full intelligence profile on ransomware.live →

Targeted Organizations

Claims by BrainCipher
