Atomsilo

Malware Profile Updated 25 days ago
Download STIX
Preview STIX
AtomSilo is a type of malware that has been linked to several other ransomware families including LockFile, Rook, Night Sky, and Pandora. This connection was revealed through the analysis of Cobalt Strike Beacon samples loaded by HUI Loader. CTU analysis suggests that these five ransomware families were developed from two distinct codebases: one for LockFile and AtomSilo, and another for Rook, Night Sky, and Pandora. AtomSilo has been implicated in significant cyber attacks, such as the compromise of pharmaceutical company Eisai in December 2021. The operational patterns of these ransomware families do not align with typical financially motivated cybercrime operations. A third-party report attributes the activities of LockFile, AtomSilo, Rook, and Night Sky to a Chinese threat group known as DEV-0401, suggesting that these attacks may be state-sponsored. Other reports indicate an overlap in TTP (Tactics, Techniques, and Procedures) between LockFile and AtomSilo intrusions, further linking these ransomware families together. As of mid-April, a total of 21 victims had been listed across AtomSilo, Rook, Night Sky, and Pandora leak sites. In response to this threat, a decryptor tool for AtomSilo and LockFile was released in October 2021, allowing victims to recover files encrypted by these ransomware families. This development may have prompted the threat actors to create a new ransomware family based on Babuk’s source code. However, they appear to have limited its use to brief, targeted deployments, likely to avoid detection by security researchers. The initial appearance of these ransomware families starting from mid-2021 suggests that the threat actors first developed LockFile and AtomSilo before moving on to develop Rook, Night Sky, and Pandora.
What's your take? (Question 1 of 0)
8b0f13af-9fd7-404e-8732-0a44bf66c3e8 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Atomsilo Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Secureworks
a year ago
BRONZE STARLIGHT Ransomware Operations Use HUI Loader
CERT-EU
a year ago
Ransomware attack impacts Eisai
CERT-EU
10 months ago
200+ Free Ransomware Decryption Tools You Need [2022 List]