"Sandworm Hacking Group Linked to New Ransomware Deployed in Ukraine"

According to recent research from the cybersecurity firm ESET, a wave of ransomware attacks in Ukraine may be the work of the state-backed Russian hacking group Sandworm. Several Ukrainian organizations were affected by the RansomBoggs malware before ESET researchers recently found it. During the attack, several references were made to the animated film Monsters, Inc. The film's main character, James P. Sullivan, is named as the author of the ransom note sent to infected computers. The executable file and the hackers' Telegram account are both called Sullivan, and references to the film can be found throughout the code. RansomBoggs targeted at least five Ukrainian organizations. ESET has not detected this ransomware family in attacks outside of Ukraine. The use of RansomBoggs is similar to previous Sandworm attacks, which were linked to the 2017 NotPetya cyberattack and disrupted Ukrainian government organizations, banks, media, and electricity suppliers. According to ESET spokeswoman Yulia Andrienko, RansomBoggs appears to be fake ransomware because the authors are not interested in extorting victims and instead want to disrupt organizations by locking up their data. Aside from the Monsters, Inc. theme, she claims the ransomware is fairly standard. Sandworm has been active in Ukraine since the beginning of Russia's full-scale invasion in February, and it has been linked to other destructive attacks, including an April cyberattack on a Ukrainian energy provider using a new variant of the Industroyer malware. Hackers used the PowerShell script POWERGAP, as seen in the Industroyer2 attack, to deploy RansomBoggs payloads from the domain controller on the victims' networks. In March, a PowerShell script was also used to deliver the destructive CaddyWiper malware to several dozen systems at Ukrainian organizations.
This article continues to discuss the Sandworm hacking group, which is suspected to be behind the new RansomBoggs attacks against organizations in Ukraine.

The Record reports "Sandworm Hacking Group Linked to New Ransomware Deployed in Ukraine"

Submitted by Anonymous on