Sandworm gang launches Monster ransomware attacks on Ukraine
The Russian criminal crew Sandworm is launching another attack against organizations in Ukraine, using a ransomware that analysts at Slovakian software company ESET are calling RansomBoggs.
"There are similarities with previous attacks conducted by #Sandworm: a PowerShell script used to distribute the .NET ransomware from the domain controller is almost identical to the one seen last April during the #Industroyer2 attacks against the energy sector" that were attributed to Sandworm.
Sandworm is linked to Unit 74455 of the GRU - Russia's military intelligence outfit - and has been active since at least the 1990s, including in the suspected development of the NotPetya ransomware in 2017.
The group targeted Ukraine during Russia's 2014 invasion and subsequent occupation of Crimea and has been active since Russia launched its latest illegal attack on Ukraine.
More recently, Sandworm was behind a malware campaign in August, reported by cyber security firm Recorded Future, that targeted Ukrainian organizations by masquerading as Ukrainian telecommunications service providers. Microsoft detected another campaign in which Sandworm - which Microsoft refers to as Iridium - launched the Prestige ransomware in October against transportation and logistics industries in Ukraine and Poland.
In their report, researchers with Microsoft's Security Threat Intelligence unit wrote that Iridium "has been consistently active in the war in Ukraine and has been linked to destructive attacks since the start of the war."