Analysis of Secp0 Ransomware
Essential information
- Published
- 16/07/2025 08:08
- Modified
- 16/07/2025 08:19
- Tags
- 2025-07-16 double-extortion encryption ransomware secp0
- Related entities
- 6 observables, 1 intrusion set (APT), 12 MITRE ATT&CK techniques, 1 malware, 2 others
Description
Secp0 is a ransomware family that emerged in early 2025. It was initially mischaracterized as a vulnerability-disclosure extortion group, but it operates as conventional double-extortion ransomware: it encrypts data and threatens to publish it. The malware is an ELF binary targeting Linux systems. Files are encrypted with ChaCha20, and the per-file keys are protected with an ECDH key exchange against a public key embedded in the binary. The binary accepts configurable command-line options and carries embedded encrypted data. During encryption it generates a session key pair and a per-file key pair, derives a shared key from them, and appends the material needed for decryption (public keys and nonce) to each encrypted file. Because recovering a file key requires the attacker's private key, which never leaves the attacker, decryption is not feasible without the attacker's cooperation, and recovery depends on backups.
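To make the key hierarchy concrete, the following is an added example written for this page; it is not Secp0's code and does not reproduce its on-disk format. It models the scheme the description outlines (a per-run session key pair, a per-file key pair, a shared key per file, and a footer appended to each file) with X25519 as the ECDH curve, SHA-256 as the key derivation function, a 108-byte footer layout, and a key-wrap step that ties the session key to the attacker's embedded public key; all of these choices are assumptions made for illustration. The ChaCha20 and X25519 routines are textbook RFC 8439 / RFC 7748 implementations in pure Python so the example runs offline.

```python
"""Added illustrative model of ECDH + ChaCha20 ransomware key handling (not Secp0's code).
Assumptions: X25519 for ECDH, SHA-256 as KDF, footer = sess_pub|wrapped_sess_priv|file_pub|nonce."""
import hashlib
import os
import struct

# ---- ChaCha20 (RFC 8439), pure Python, for illustration only ----------------
M = 0xFFFFFFFF

def _rotl(v, c):
    return ((v << c) & M) | (v >> (32 - c))

def _qr(s, a, b, c, d):  # one quarter round on state words a, b, c, d
    s[a] = (s[a] + s[b]) & M; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & M; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & M; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & M; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    state = (list(struct.unpack("<4I", b"expand 32-byte k")) + list(struct.unpack("<8I", key))
             + [counter] + list(struct.unpack("<3I", nonce)))
    w = state[:]
    for _ in range(10):  # 20 rounds = 10 column/diagonal double rounds
        _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
        _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(w[i] + state[i]) & M for i in range(16)])

def chacha20_xor(key, nonce, data, counter=1):
    """Encrypt or decrypt (same operation) with a 256-bit key and 96-bit nonce."""
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(x ^ k for x, k in zip(data[i:i + 64], ks))
    return bytes(out)

# ---- X25519 (RFC 7748) Montgomery ladder, not constant-time, illustration only
P = 2 ** 255 - 19
BASEPOINT = (9).to_bytes(32, "little")

def x25519(scalar, point):
    k = bytearray(scalar); k[0] &= 248; k[31] &= 127; k[31] |= 64  # clamp scalar
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(point, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = pow(da + cb, 2, P), x1 * pow(da - cb, 2, P) % P
        e = (aa - bb) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

# ---- The key hierarchy the description outlines (layout is an assumption) ----
FOOTER_LEN = 32 + 32 + 32 + 12

def kdf(shared, label):
    return hashlib.sha256(label + shared).digest()

def keygen():
    priv = os.urandom(32)
    return priv, x25519(priv, BASEPOINT)

def encrypt_file(plaintext, master_pub, sess_priv, sess_pub):
    """master_pub is the attacker key embedded in the binary; (sess_priv, sess_pub) is the
    per-run session pair. A fresh file pair is generated for every file."""
    file_priv, file_pub = keygen()
    file_key = kdf(x25519(file_priv, sess_pub), b"file")
    nonce = os.urandom(12)
    ct = chacha20_xor(file_key, nonce, plaintext)
    # Wrap the session private key to master_pub so only master_priv can unwrap it.
    # A fixed wrap nonce is tolerable here only because the wrapped plaintext is the
    # same session key every time; a different plaintext would need a fresh nonce.
    wrap_key = kdf(x25519(sess_priv, master_pub), b"wrap")
    wrapped = chacha20_xor(wrap_key, bytes(12), sess_priv)
    return ct + sess_pub + wrapped + file_pub + nonce  # footer holds no secret material

def decrypt_file(blob, master_priv):
    """Recovery path: needs the attacker's private key, which never touches the victim."""
    ct, footer = blob[:-FOOTER_LEN], blob[-FOOTER_LEN:]
    sess_pub, wrapped, file_pub, nonce = footer[:32], footer[32:64], footer[64:96], footer[96:]
    wrap_key = kdf(x25519(master_priv, sess_pub), b"wrap")       # == sender's wrap_key
    sess_priv = chacha20_xor(wrap_key, bytes(12), wrapped)
    file_key = kdf(x25519(sess_priv, file_pub), b"file")         # == sender's file_key
    return chacha20_xor(file_key, nonce, ct)

def demo():
    master_priv, master_pub = keygen()          # generated offline by the attacker
    sess_priv, sess_pub = keygen()              # once per run on the victim host
    sample = b"constructed sample file contents, not a real victim file. " * 4
    blob = encrypt_file(sample, master_pub, sess_priv, sess_pub)
    return decrypt_file(blob, master_priv) == sample
```

For an analyst the useful consequence is what the footer does and does not contain: every value appended to a file is either a public key, a nonce, or ciphertext wrapped to the attacker's key, so carving footers from encrypted files yields indicators (consistent footer length, a repeated session public key across one victim's files) but no key material. The only secret that ever existed on the host is the session private key held in the process's memory during the run, which is why recovery realistically depends on backups or on the attacker's private key.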