June 7, 2023

Ukraine has experienced ransomware attacks from a new strain known to be RansomBiggs that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group.

The Sandworm actor, tracked as Iridium, was implicated for a set of attacks aimed at transportation and logistics sectors in Ukraine and Poland with another ransomware strain called Prestige in October 2022.

Advertisements

The RansomBoggs activity is said to employ a PowerShell script to distribute the ransomware, with the latter “almost identical” to the one used in the Industroyer2 malware attacks that came to light in April.

According to the Ukraine CERT-UA, the PowerShell script, named POWERGAP, was leveraged to deploy a data wiper malware called CaddyWiper using a loader dubbed ArguePatch.

The new ransomware seen encrypts files using AES-256 in CBC mode and appends the “.chsch” file extension.

Sandworm, an elite adversarial hacking group within Russia’s GRU military intelligence agency, has a notorious track record of striking critical infrastructure over the years.

Advertisements

The threat actor has been linked to the NotPetya cyberattacks in 2017 and the destructive assaults against the Ukrainian electrical power grid in 2015 and 2016.

Tags:

Leave a Reply

You may have missed

Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

June 4, 2023
%d bloggers like this: