The Cyber Security News
Russian Sandworm Hackers Linked to New Ransomware Blitz

November 28, 2022

An infamous Russian state-backed APT group could be driving a new wave of ransomware attacks against Ukrainian targets, according to researchers at ESET.

The security vendor said in a series of tweets that it alerted the Ukrainian Computer Emergency Response Team (CERT-UA) about the RansomBoggs variant it found targeting a number of local organizations.


The .NET malware is new, but it is deployed in a similar fashion to earlier campaigns linked to the Russian military intelligence (GRU) Sandworm group, it claimed.

There are several apparent references to the Pixar movie Monsters, Inc. in the malware.

“The ransom note (SullivanDecryptsYourFiles.txt) shows the authors impersonate James P. Sullivan, the main character of the movie, whose job is to scare kids. The executable file is also named Sullivan.exe and references are present in the code as well,” ESET explained.

“There are similarities with previous attacks conducted by Sandworm: a PowerShell script used to distribute the .NET ransomware from the domain controller is almost identical to the one seen last April during the Industroyer2 attacks against the energy sector.”

That script has been dubbed “PowerGap” by CERT-UA and was also used to deploy the destructive CaddyWiper malware alongside Industroyer2 at the time, using the ArguePatch loader.

“RansomBoggs generates a random key and encrypts files using AES-256 in CBC mode (not AES-128 as stated in the ransom note), and appends the .chsch file extension. The key is then RSA encrypted and written to aes.bin,” ESET continued.

“Depending on the malware variant, the RSA public key can either be hardcoded in the malware sample itself or provided as an argument.”
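The artifacts ESET names above (the SullivanDecryptsYourFiles.txt ransom note, the Sullivan.exe binary, the .chsch extension on encrypted files and the aes.bin file that holds the RSA-wrapped AES key) are enough for a simple host triage check. The script below is an added example written for this page, not ESET's or CERT-UA's code; the severity labels, the bulk-encryption threshold and the sample directory layout are assumptions made for illustration, and the indicators themselves come only from the report quoted here.

```python
"""Host-based triage for the RansomBoggs artifacts named in the ESET report.

Added example, not ESET's or CERT-UA's code. Indicators are the ones quoted in
the article: the ransom note SullivanDecryptsYourFiles.txt, the Sullivan.exe
binary, the .chsch extension on encrypted files and the aes.bin file holding
the RSA-encrypted AES key. Labels, threshold and sample tree are assumptions.
"""
import os
import tempfile
from collections import Counter
from typing import Dict, Iterable, List, Optional

RANSOM_NOTE = "sullivandecryptsyourfiles.txt"
PAYLOAD_NAME = "sullivan.exe"
WRAPPED_KEY = "aes.bin"
ENCRYPTED_EXT = ".chsch"

# Assumption: this many .chsch files under one root is treated as bulk encryption.
BULK_THRESHOLD = 5


def classify(path: str) -> Optional[str]:
    """Return an indicator label for a single path, or None if it matches nothing."""
    name = os.path.basename(path).lower()
    if name == RANSOM_NOTE:
        return "ransom_note"
    if name == PAYLOAD_NAME:
        return "payload_binary"
    if name == WRAPPED_KEY:
        return "wrapped_key"
    if name.endswith(ENCRYPTED_EXT):
        return "encrypted_file"
    return None


def triage(paths: Iterable[str]) -> Dict[str, object]:
    """Count indicators over a list of paths and derive a verdict.

    The ransom note or the payload binary is treated as a definite hit; the
    extension alone is only suspicious. aes.bin is reported separately under
    "key_material" because, per the report, it is where the RSA-encrypted AES
    key is written, so it should be preserved rather than deleted during cleanup.
    """
    hits: Counter = Counter()
    examples: Dict[str, List[str]] = {}
    for p in paths:
        label = classify(p)
        if label:
            hits[label] += 1
            examples.setdefault(label, []).append(p)
    verdict = "clean"
    if hits["ransom_note"] or hits["payload_binary"]:
        verdict = "ransomboggs_artifacts"
    elif hits["encrypted_file"]:
        verdict = "suspicious_extension"
    return {
        "counts": dict(hits),
        "examples": examples,
        "verdict": verdict,
        "bulk_encryption": hits["encrypted_file"] >= BULK_THRESHOLD,
        "key_material": examples.get("wrapped_key", []),
    }


def scan_tree(root: str) -> Dict[str, object]:
    """Walk a directory tree and triage every file path under it."""
    paths = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            paths.append(os.path.join(dirpath, f))
    return triage(paths)


def build_sample_tree() -> str:
    """Create a constructed directory layout resembling an affected share.

    Only names matter to the check, so every file is created empty.
    """
    root = tempfile.mkdtemp(prefix="rb_sample_")
    layout = [
        "docs/report.docx.chsch", "docs/budget.xlsx.chsch", "docs/notes.txt",
        "docs/SullivanDecryptsYourFiles.txt", "aes.bin", "tools/Sullivan.exe",
        "photos/a.jpg.chsch", "photos/b.jpg.chsch", "photos/c.jpg.chsch",
    ]
    for rel in layout:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "wb").close()
    return root


if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    print(result["verdict"], result["counts"], "bulk:", result["bulk_encryption"])
```

Run it directly to triage the constructed sample tree, or call `scan_tree` on a real mount point. The check deliberately keys on names rather than file contents, since the report gives no file hashes; treat a hit as a trigger for isolation and full forensic collection, not as a final determination.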

The vendor also said the operation has similarities to a separate ransomware campaign launched last month against Ukrainian and Polish logistics companies using the “Prestige” variant.

“The Prestige campaign may highlight a calculated shift in IRIDIUM’s destructive attack calculus, signaling elevated risk to organizations directly supplying or transporting humanitarian or military assistance to Ukraine,” Microsoft wrote at the time.

“More broadly, it may represent an elevated risk to organizations in Eastern Europe that may be considered by the Russian state to be providing support relating to the war.”


Some sections of this article are sourced from:
www.infosecurity-magazine.com

