The Brotherhood, a new organization linking the underground communities of BlackForums and BloodForge RaaS, has announced its presence and future plans. With a focus on high-level ransomware operations, The Brotherhood connects BlackForums—a malware and leaks forum established in early 2023—and the soon-to-be-released BloodForge Ransomware-as-a-Service (RaaS).
Who Are The Brotherhood?
The Brotherhood positions itself as a key connector in the cybercrime landscape, aiming to bring together the established BlackForums community and the emerging BloodForge ransomware group. BlackForums, managed by @ReservedMemory, serves as a hub for discussions and exchanges around malware and data leaks. Meanwhile, BloodForge RaaS, expected to debut soon, promises to deliver advanced ransomware capabilities and evasion techniques.
Introducing BloodForge Onyx (V1)
The initial version of BloodForge RaaS, called Onyx (V1), is advertised with a range of features that would make it a formidable tool for cybercriminals:
- Fully Undetectable (FUD): BloodForge Onyx completely evades all major antivirus solutions and automatically deletes itself after execution, ensuring stealth and minimizing traces.
- High-Speed Encryption: It encrypts data quickly with a small payload size, facilitating rapid data takeover.
- Enterprise-Grade Ciphers: The ransomware uses AES-256 and ChaCha20 algorithms for top-tier encryption, which makes decryption attempts nearly impossible.
- Advanced Polymorphic Engine – BloodShift: BloodShift adapts its structure on every execution, which renders it undetectable by traditional security measures.
- Information Grabbing: The software extracts sensitive data, including passwords and cookies, to maximize the attack’s impact.
- Automatic Privilege Escalation: It seamlessly bypasses User Account Control (UAC) and escalates to admin privileges, granting full system control.
- Network Worming: BloodForge spreads across networks, infecting multiple devices effortlessly.
- Anti-Antivirus Measures: Customizable watchdog functionalities block antivirus software and disable Task Manager to prevent interference.
- Real-Time Monitoring: Users can manage infections, monitor encryption progress, and handle ransom payments through an intuitive control panel.
- Delayed Encryption: The ransomware offers delayed encryption options, allowing deeper system penetration before locking down files.
- Single Execution Lock: This feature prevents redundant encryption, maintaining optimal performance and reducing system load.
Limited Availability and Pricing
BloodForge Onyx (V1) is being sold at $750 per slot, with only 10 slots available. This limited release suggests a focus on targeted operations and exclusivity, making it a highly sought-after tool.
Goals and Future Plans
The Brotherhood aims to strengthen ties between its own operations, BlackForums, and other similar groups in the cybercrime ecosystem. As BloodForge RaaS approaches its official release, The Brotherhood plans to play a pivotal role in its adoption and integration within the wider underground community.