Unusual technical profile hints at vibe-coding: One possible explanation for Sicarii’s broken encryption flow is immature or poorly implemented development practices. The ransomware’s failure to retain usable keys is inconsistent with established ransomware design and suggests it may have been assembled without rigorous testing or a clear understanding of operational consequences, or even vibe-coded.”Halcyon assesses with moderate confidence that the developers may have used AI-assisted tooling, which could have contributed to this implementation error,” the researchers said in the alert.A Check Point Research’s analysis earlier this month had also highlighted a set of unusual and internally inconsistent characteristics. According to the analysis, Sicarri incorporates Israeli and Jewish activity symbolism in its branding and messaging, yet much of its underground activity appears in Russian. Also, the Hebrew language used in the malware and communications contains errors indicative of non-native or automated translation.Beyond encryption, Check Point observed Sicarii performing credential harvesting, network reconnaissance, vulnerability scanning, and data exfiltration, indicating the operation includes tooling atypical to financially motivated ransomware. “Sicarii significantly raises the risk profile of ransomware incidents, shifting the impact from financial extortion to potential permanent data loss and prolonged business disruption,” Grover added. “In regulated industries, this can further escalate compliance, legal, and operational consequences.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4123492/sicarii-ransomware-locks-your-data-and-throws-away-the-keys.html
