Introduction
Kasseika is a ransomware variant first publicly reported in January 2024, identified as a new evolution of the BlackMatter/LockBit ransomware codebase. The malware appends the .kasseika extension to encrypted files and uses a double-extortion model, combining file encryption with threats to publish stolen data on a Tor-based leak site. Early analysis revealed that Kasseika shares several traits with LockBit 3.0, including encryption routines, obfuscation methods, and ransom note structure, but with modified branding and negotiation portals. Initial access vectors have not been widely confirmed, though patterns from related ransomware suggest the use of compromised credentials, RDP exploitation, and vulnerabilities in public-facing services. Victims have been observed in North America, Europe, and Asia, spanning industries like manufacturing, logistics, and professional services.
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- BlackEnergy
- BLACKCOFFEE
- Blackshades
- BlackNix
- Xploit
- BlackHole
Attribution and Evidence
Information pending cataloguing.
References
References pending cataloguing.