Several Ukrainian Organizations are Being Targeted by Russia-based RansomBoggs Ransomware
Ransomware attacks have made their way into Ukraine, mirroring previous intrusions attributed to the Sandworm nation-state group based in Russia.
The new ransomware strain was dubbed RansomBoggs by the Slovak cybersecurity company ESET, which said the attacks against several Ukrainian entities were first detected on November 21, 2022.
“While the malware written in .NET is new, its deployment is similar to previous attacks attributed to Sandworm,” the company said in a series of tweets Friday.
The development comes as the Sandworm actor, tracked by Microsoft as Iridium, was linked to a set of attacks aimed at the transportation and logistics sectors in Ukraine and Poland with another ransomware strain called Prestige in October 2022.
The RansomBoggs activity is said to employ a PowerShell script to distribute the ransomware, with the script resembling the one used in the Industroyer2 malware attacks that came to light in April.
ESET’s analysis of the new ransomware shows that it generates a random key, encrypts files using AES-256 in CBC mode, and appends the “.chsch” file extension.
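For responders scoping an incident, the “.chsch” extension is the one file-system indicator this article gives. The following triage script is an added example, not code from ESET or the original article; it counts affected files per directory, finds the earliest modification time, and uses byte entropy to separate encrypted content from files that were merely renamed. The entropy threshold and 64 KiB sample size are assumptions chosen for illustration.

```python
import math
import os
import sys
from collections import Counter

EXTENSION = ".chsch"      # extension reported in the article
ENTROPY_THRESHOLD = 7.0   # assumption: bits/byte above which data looks encrypted
SAMPLE_BYTES = 65536      # assumption: read only the first 64 KiB of each file


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; well-encrypted data approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(root: str) -> dict:
    """Walk root and summarise files that carry the .chsch extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSION):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
            hits.append({
                "path": path,
                "original_name": name[:-len(EXTENSION)],
                "mtime": mtime,
                "looks_encrypted": shannon_entropy(sample) >= ENTROPY_THRESHOLD,
            })
    hits.sort(key=lambda h: h["mtime"])  # oldest first approximates the start of encryption
    return {
        "count": len(hits),
        "first_seen": hits[0]["mtime"] if hits else None,
        "by_dir": dict(Counter(os.path.dirname(h["path"]) for h in hits)),
        "hits": hits,
    }


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(report["count"], "files ending in", EXTENSION, "across", len(report["by_dir"]), "directories")
```

Modification times can be altered, so treat `first_seen` as a starting point for the timeline and corroborate it against other logs.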
Sandworm, an elite adversarial hacking group within Russia’s GRU military intelligence agency, has a long track record of breaking through cybersecurity defenses.
The threat actor has been linked to the NotPetya cyberattacks against hospitals and medical facilities in 2017 and the destructive assaults against the Ukrainian electrical power grid in 2015 and 2016.