Sandworm gang launches Monster ransomware attacks on Ukraine
2022-11-29 08:30

The Russian criminal crew Sandworm is launching another attack against organizations in Ukraine, using a ransomware that analysts at Slovakian software company ESET are calling RansomBoggs.

"There are similarities with previous attacks conducted by #Sandworm: a PowerShell script used to distribute the .NET ransomware from the domain controller is almost identical to the one seen last April during the #Industroyer2 attacks against the energy sector" that were attributed to Sandworm.

Sandworm is linked to Unit 74455 of the GRU - Russia's military intelligence outfit - and has been active since at least the 1990s, including in the suspected development of the NotPetya ransomware in 2017.

The group targeted Ukraine during Russia's 2014 invasion and subsequent occupation of Crimea and has been active since Russia launched its latest illegal attack on Ukraine.

More recently, Sandworm was behind a malware campaign in August, reported by cyber security firm Recorded Future, that targeted Ukrainian organizations by masquerading as Ukrainian telecommunications service providers. In another campaign, detected by Microsoft, Sandworm - which Microsoft refers to as Iridium - launched the Prestige ransomware in October against transportation and logistics industries in Ukraine and Poland.

In their report, researchers with Microsoft's Security Threat Intelligence unit wrote that Iridium "has been consistently active in the war in Ukraine and has been linked to destructive attacks since the start of the war."


News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/29/russia_ransomboggs_ransomware_ukraine/