Cyclops Ransomware Group to Shut Down Old Panel, Set to Rebrand as ‘Knight’

Jul 27, 2023

The Cyclops ransomware group made an unexpected announcement on their dark web portal. They disclosed their decision to bid farewell to their old panel and blog, indicating a substantial shift in their approach.

In what appears to be a strategic rebranding maneuver, they proudly declared their new identity as “Knight.”

The Cyclops ransomware group, known for its attacks that target major platforms, including Windows, Linux, and macOS, made this change via a post yesterday.

“We are about to close the old panel and blog, and in version 2.0, we renamed it Knight. We are releasing the new panel and program this week. We are still recruiting new teams, but you must have enough experience. We have a major update in version 2.0, and our only contact”, stated the threat actor. 

Cyclops Ransomware Group Adopts New Modus Operandi as ‘Knight’

Source: Twitter

The Cyclops ransomware group, which will now be called Knight, has gained notoriety for more than just ransomware activities.

They have also ventured into stealing sensitive data, such as information about infected computer systems and various processes.  

At the heart of this transformation lies the new version 2.0, which is the foundation for their new moniker, “Knight.” The Cyclops ransomware group is not just another malevolent entity; they operate as a Ransomware-as-a-Service (RaaS) provider

Beyond offering their ransomware services, they go a step further by providing a distinct binary to facilitate data-stealing operations. It is evident that they seek a share of the profits from others engaging in malicious activities using their malicious software.

The Cyclops ransomware group offers separate panels for distributing their ransomware across Windows, Linux, and macOS platforms.

Additionally, they equip their panel with unique binaries specifically tailored to cater to the data-stealing requirements of both Linux and Windows systems.

Technical analysis of Cyclops ransomware Group

According to reports, the Cyclops ransomware group uses a virtual financial section within their domain to act as a bank for the attackers.

This section enables Cyclops ransomware group operators to withdraw their ransom amounts efficiently. Notably, they quickly address real-time issues and incentivize valuable suggestions from their network.

Recent intelligence has indicated that the Cyclops ransomware group has ventured into the Go-based info stealer domain.

This malware is designed to pilfer sensitive data from infected hosts, effectively adding another layer of threat to their arsenal.

Operating with a cunning modus operandi, they target crucial details, including operating system information, computer names, number of processes, and specific file extensions.

Once the information is harvested, encompassing various file formats like .TXT, DOC, XLS, PDF, JPEG, JPG, and .PNG, it is surreptitiously uploaded to a remote server, hidden from view.

Customers can access this malevolent stealer component through an admin panel, further facilitating illicit activities.

As the cybercrime ecosystem evolves, threats like the Cyclops ransomware group and its new “Knight” persona remind us how cunning and sophisticated are these cyber criminals and how much they have developed over the years — so much so that they can now run an organization and even rebrand it at their will.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Get Free Report & Network Analysis

Please check your email for the free report.