Sunday, January 29, 2023
HomeCyber SecurityRussia-based RansomBoggs Ransomware Focused A number of Ukrainian Organizations

Russia-based RansomBoggs Ransomware Focused A number of Ukrainian Organizations


Ukraine has come beneath a recent onslaught of ransomware assaults that mirror earlier intrusions attributed to the Russia-based Sandworm nation-state group.

Slovak cybersecurity firm ESET, which dubbed the brand new ransomware pressure RansomBoggs, mentioned the assaults in opposition to a number of Ukrainian entities had been first detected on November 21, 2022.

“Whereas the malware written in .NET is new, its deployment is just like earlier assaults attributed to Sandworm,” the corporate mentioned in a sequence of tweets Friday.

The event comes because the Sandworm actor, tracked by Microsoft as Iridium, was implicated for a set of assaults aimed toward transportation and logistics sectors in Ukraine and Poland with one other ransomware pressure known as Status in October 2022.

The RansomBoggs exercise is claimed to make use of a PowerShell script to distribute the ransomware, with the latter “nearly an identical” to the one used within the Industroyer2 malware assaults that got here to gentle in April.

RansomBoggs Ransomware

In response to the Laptop Emergency Response Crew of Ukraine (CERT-UA), the PowerShell script, named POWERGAP, was leveraged to deploy a knowledge wiper malware known as CaddyWiper utilizing a loader dubbed ArguePatch (aka AprilAxe).

ESET’s evaluation of the brand new ransomware reveals that it generates a randomly generated key and encrypts recordsdata utilizing AES-256 in CBC mode and appends the “.chsch” file extension.

Sandworm, an elite adversarial hacking group inside Russia’s GRU army intelligence company, has a infamous monitor report of placing vital infrastructure through the years.

The menace actor has been linked to the NotPetya cyberattacks in opposition to hospitals and medical amenities in 2017 and the harmful assaults in opposition to the Ukrainian electrical energy grid in 2015 and 2016.



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments