Analysis of Secp0 Ransomware
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
Secp0 is a ransomware family that emerged in early 2025 and was initially mischaracterized as a vulnerability-disclosure extortion group. It operates as conventional double-extortion ransomware: it encrypts data and threatens to publish it. The malware is an ELF binary targeting Linux systems; it encrypts files with ChaCha20 and derives the keys through ECDH key exchange. It accepts configurable command-line options and carries embedded encrypted data. The encryption process generates session and per-file key pairs, computes shared keys from them, and appends the information needed for decryption to each encrypted file. Because the key material appended to a file is useful only in combination with a private key the attacker holds, decryption is not possible without the attacker's cooperation, which makes recovery challenging.
OPENCTI LABELS :
ransomware,encryption,double-extortion,secp0
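The summary describes a hybrid scheme (ECDH to derive keys, ChaCha20 to encrypt, public key material appended to each file). The block below is an added illustration of that generic construction, not code from the Secp0 binary or from the report, and it exists to show why the appended footer alone does not allow recovery. X25519 (RFC 7748) and ChaCha20 (RFC 8439) are written out so the example runs offline; the curve, the KDF (SHA-256 of the ECDH output), the footer layout, and the wrapping of the session private key to an attacker master key are all assumptions, since the report does not state them.

```python
# Added illustration, not code from the Secp0 binary or the report: a generic
# ECDH + ChaCha20 hybrid file-encryption scheme of the kind the summary
# describes, with X25519 (RFC 7748) and ChaCha20 (RFC 8439) written out so it
# runs offline. Curve, KDF (SHA-256), footer layout and the wrapping of the
# session private key to the attacker's master key are assumptions.
import hashlib, secrets, struct

P = 2**255 - 19          # Curve25519 field prime
M32 = 0xFFFFFFFF
BASEPOINT = (9).to_bytes(32, "little")

def _clamp(k: bytes) -> int:
    b = bytearray(k); b[0] &= 248; b[31] &= 127; b[31] |= 64
    return int.from_bytes(b, "little")

def x25519(scalar: bytes, point: bytes) -> bytes:
    """RFC 7748 Montgomery ladder: clamp(scalar) * point, u-coordinate only."""
    k, x1 = _clamp(scalar), int.from_bytes(point, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e, c, d = (aa - bb) % P, (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASEPOINT)

def _qr(s, a, b, c, d):
    rotl = lambda v, n: ((v << n) | (v >> (32 - n))) & M32
    s[a] = (s[a] + s[b]) & M32; s[d] = rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & M32; s[b] = rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & M32; s[d] = rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & M32; s[b] = rotl(s[b] ^ s[c], 7)

def chacha20(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """RFC 8439 ChaCha20: XOR data with the keystream (32-byte key, 12-byte nonce, counter 1)."""
    out = bytearray()
    for off in range(0, len(data), 64):
        st = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574, *struct.unpack("<8I", key),
              1 + off // 64, *struct.unpack("<3I", nonce)]
        w = st[:]
        for _ in range(10):                      # 20 rounds = 10 column+diagonal double rounds
            _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
            _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
        ks = struct.pack("<16I", *((w[i] + st[i]) & M32 for i in range(16)))
        out += bytes(x ^ y for x, y in zip(data[off:off + 64], ks))
    return bytes(out)

def kdf(shared: bytes) -> bytes:
    return hashlib.sha256(shared).digest()       # assumption: key = SHA-256(ECDH output)

def start_session(master_pub: bytes):
    """Run once per execution on the victim. Returns the session private key (held only in
    memory while files are encrypted), the session public key, and a 76-byte blob that wraps
    the session private key so that only the holder of master_priv can recover it."""
    s_priv, s_pub = keypair()
    e_priv, e_pub = keypair()                    # ephemeral pair used only for the wrap
    nonce = secrets.token_bytes(12)
    blob = e_pub + nonce + chacha20(kdf(x25519(e_priv, master_pub)), nonce, s_priv)
    return s_priv, s_pub, blob

def encrypt_file(plaintext: bytes, s_pub: bytes, blob: bytes) -> bytes:
    """Per-file: fresh key pair, shared key with the session public key, ChaCha20, then a
    120-byte footer of public values only (f_pub, nonce, session blob)."""
    f_priv, f_pub = keypair()
    nonce = secrets.token_bytes(12)
    body = chacha20(kdf(x25519(f_priv, s_pub)), nonce, plaintext)
    return body + f_pub + nonce + blob           # f_priv and the file key are discarded

def decrypt_file(encrypted: bytes, master_priv: bytes) -> bytes:
    """The attacker's decryptor: master_priv unwraps the session private key, which with the
    file's public key reproduces the file key. Nothing in the footer suffices without it."""
    body, footer = encrypted[:-120], encrypted[-120:]
    f_pub, nonce, e_pub, wnonce, wrapped = footer[:32], footer[32:44], footer[44:76], footer[76:88], footer[88:]
    s_priv = chacha20(kdf(x25519(master_priv, e_pub)), wnonce, wrapped)
    return chacha20(kdf(x25519(s_priv, f_pub)), nonce, body)
```

In this model the footer carries the file's public key, the nonce and the wrapped session private key, all of which are useless without the attacker's master private key, which never touches the victim. Two practical consequences for responders follow from the model, not from anything the report states about Secp0's implementation: files are not recoverable from their contents alone, and the only window for recovery without the attacker is a memory capture taken while the session private key (`s_priv` here) is still live in the running process.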