Palo Alto Networks' Unit 42 has identified a new ransomware-as-a-service group called "Repellent Scorpius," which has been distributing the Cicada3301 ransomware since May. The group operates a multi-extortion scheme: it encrypts and steals data, then extorts victims both by withholding decryption keys and by threatening to expose the stolen data. Cicada3301, written in Rust, has possible links to the BlackCat ransomware family. Unit 42’s research suggests that Repellent Scorpius may have ties to other ransomware groups like ALPHV/BlackCat, and warns of likely future attacks as the group actively recruits affiliates.