
The Cyber Security News


Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations

November 26, 2022

Ukraine has come under a fresh onslaught of ransomware attacks that mirror past intrusions attributed to the Russia-based Sandworm nation-state group.

Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022.

“Although the malware published in .NET is new, its deployment is comparable to former attacks attributed to Sandworm,” the company said in a series of tweets on Friday.


The development comes as the Sandworm actor, tracked by Microsoft as Iridium, was implicated in a set of attacks aimed at transportation and logistics sectors in Ukraine and Poland with another ransomware strain called Prestige in October 2022.

The RansomBoggs activity is said to use a PowerShell script to distribute the ransomware, with that script “pretty much identical” to the one used in the Industroyer2 malware attacks that came to light in April.

RansomBoggs Ransomware

According to the Computer Emergency Response Team of Ukraine (CERT-UA), the PowerShell script, named POWERGAP, was leveraged to deploy a data wiper malware called CaddyWiper using a loader dubbed ArguePatch (aka AprilAxe).

ESET’s analysis of the new ransomware shows that it generates a random key, encrypts files using AES-256 in CBC mode, and appends the “.chsch” file extension.
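Defenders can hunt for the behaviour described above, the “.chsch” extension being appended to existing file names, by looking for bursts of such renames from a single process. The following is an added example, not code from ESET or the original article; the pipe-separated event format, the host and process names, the window and the threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".chsch"                    # extension reported in the article
WINDOW = timedelta(seconds=60)    # assumption: burst window
THRESHOLD = 3                     # assumption: kept low so the sample triggers

# Constructed events: time|host|process|old path|new path, sorted by time.
SAMPLE_EVENTS = r"""
2022-11-21T09:00:01|WS-01|explorer.exe|C:\Users\a\notes.txt|C:\Users\a\notes-old.txt
2022-11-21T09:05:10|WS-02|unknown.exe|C:\Share\q3.xlsx|C:\Share\q3.xlsx.chsch
2022-11-21T09:05:11|WS-02|unknown.exe|C:\Share\plan.docx|C:\Share\plan.docx.chsch
2022-11-21T09:05:12|WS-02|unknown.exe|C:\Share\db.bak|C:\Share\db.bak.chsch
2022-11-21T09:06:00|WS-03|backup.exe|D:\x\a.log|D:\x\a.log.chsch
2022-11-21T09:20:00|WS-03|backup.exe|D:\x\b.log|D:\x\b.log.chsch
"""

def parse_event(line):
    ts, host, proc, old, new = line.strip().split("|")
    return datetime.fromisoformat(ts), host, proc, old, new

def is_appended_extension(old, new):
    """True when the new name is the old name with EXT appended."""
    return new.lower() == old.lower() + EXT

def detect_bursts(lines):
    """Return {(host, process): time the threshold was first reached}."""
    recent = defaultdict(deque)   # (host, process) -> matching rename times
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, proc, old, new = parse_event(line)
        if not is_appended_extension(old, new):
            continue
        q = recent[(host, proc)]
        q.append(ts)
        while ts - q[0] > WINDOW:   # drop renames that fell out of the window
            q.popleft()
        if len(q) >= THRESHOLD:
            alerts.setdefault((host, proc), ts)
    return alerts

if __name__ == "__main__":
    for (host, proc), ts in detect_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"{ts.isoformat()} {host} {proc}: burst of {EXT} renames")
```

An isolated rename to the extension (as on WS-03 in the sample) does not alert; only a burst from one process on one host within the window does.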

Sandworm, an elite adversarial hacking group within Russia’s GRU military intelligence agency, has a notorious track record of striking critical infrastructure over the years.

The threat actor has been linked to the NotPetya cyberattacks against hospitals and medical facilities in 2017 and the destructive attacks against the Ukrainian electrical power grid in 2015 and 2016.



Some pieces of this report are sourced from:
thehackernews.com
