Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group.

Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022.

“While the malware written in .NET is new, its deployment is similar to previous attacks attributed to Sandworm,” the company said in a series of tweets Friday.

The development comes as the Sandworm actor, tracked by Microsoft as Iridium, was implicated for a set of attacks aimed at transportation and logistics sectors in Ukraine and Poland with another ransomware strain called Prestige in October 2022.

The RansomBoggs activity is said to employ a PowerShell script to distribute the ransomware, with the latter “almost identical” to the one used in the Industroyer2 malware attacks that came to light in April.

RansomBoggs Ransomware

According to the Computer Emergency Response Team of Ukraine (CERT-UA), the PowerShell script, named POWERGAP, was leveraged to deploy a data wiper malware called CaddyWiper using a loader dubbed ArguePatch (aka AprilAxe).

ESET’s analysis of the new ransomware shows that it generates a randomly generated key and encrypts files using AES-256 in CBC mode and appends the “.chsch” file extension.

Sandworm, an elite adversarial hacking group within Russia’s GRU military intelligence agency, has a notorious track record of striking critical infrastructure over the years.

The threat actor has been linked to the NotPetya cyberattacks against hospitals and medical facilities in 2017 and the destructive assaults against the Ukrainian electrical power grid in 2015 and 2016.


Products You May Like

Articles You May Like

No 10 admits ‘very difficult’ day ahead as hundreds of thousands of workers go on strike
Logic Drops Kevin Smith-Directed ‘Highlife’ with Cast of ‘Clerks’
OnePlus 11 5G Price in India Tipped Again, Could Go on Sale Starting February 14
PM says he acted ‘decisively’ in sacking Zahawi following tax affairs row
‘Tyre Nichols Should’ve Been Safe‘: Kamala Harris, Rev. Al Sharpton Honor Nichols’ at His Funeral

Leave a Reply

Your email address will not be published. Required fields are marked *