Brain Cipher claims to breach Deloitte UK, allegedly steals 1TB of data

Emerging ransomware group Brain Cipher has claimed responsibility for an alleged cyber-attack on Deloitte UK, asserting that it exfiltrated more than one terabyte of compressed data. Deloitte, a member of the “Big Four” accounting and audit firms, has not confirmed the breach, leaving the claim unverified.

Brain Cipher has listed Deloitte UK as a victim on its dark web leak site, providing the company a deadline of December 15, 2024, to respond. The group has criticized Deloitte’s cybersecurity protocols, stating the firm failed to adhere to “elementary points” of information security.

The gang’s dark web post threatens to disclose further information, including examples of their access methods, data samples, and evidence comparing Deloitte’s security performance against contractual obligations. “We will show excellent (not) monitoring work and tell what tools we used and use there today,” the group taunted.

Brain Cipher, active since June 2024, has rapidly gained attention for its sophisticated ransomware operations targeting critical industries, including healthcare, government, and education. The group relies on phishing and spear-phishing tactics for initial access before deploying ransomware payloads based on LockBit technology.

Recent attacks include a significant breach of Indonesia’s National Data Center, which disrupted key public services such as immigration processing and student registrations. Analysts from cybersecurity firm SentinelOne have flagged Brain Cipher’s multi-pronged extortion strategies, which involve operational disruption and data theft.