Growing Cyber Threats in Ukraine with New Ransomware Strain, RansomBoggs
Category: Threat Actor Activity | Industry: Global | Level: Strategic | Source: Twitter
Researchers from ESET have discovered threat activity associated with the Russian threat group Sandworm targeting Ukrainian organizations with a new ransomware strain dubbed RansomBoggs. Their findings were shared in the company's Twitter thread: "On November 21st #ESETResearch detected and alerted @_CERT_UA of a wave of ransomware we named #RansomBoggs, deployed in multiple organizations in Ukraine. While the malware written in .NET is new, its deployment is similar to previous attacks attributed to #Sandworm." The similarity to Sandworm lies in how the ransomware is distributed: ESET notes that the PowerShell script used to distribute the ransomware "from the domain controller is almost identical to the one seen last April during the #Industroyer2 attacks against the energy sector." The ransomware makes pop culture references to the 2001 Pixar film Monsters, Inc. and impersonates the film's main character, James P. Sullivan. Sandworm threat actors have been busy with ransomware development and deployment; Microsoft has tied the 'Prestige' ransomware strain to Sandworm as well.