"Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations"

Ukraine has been subjected to a new wave of ransomware attacks similar to previous intrusions linked to the Russia-based Sandworm nation-state group. The attacks against several Ukrainian entities were first detected on November 21, 2022, according to the Slovak cybersecurity firm ESET, which dubbed the new ransomware strain RansomBoggs. Although the malware is new, its deployment is similar to previous Sandworm attacks, according to the company. The news comes as the Sandworm actor, dubbed Iridium by Microsoft, has been linked to a series of attacks in October 2022 that targeted the transportation and logistics sectors in Ukraine and Poland with another ransomware strain called Prestige.

The RansomBoggs activity is said to use a PowerShell script to distribute the ransomware, with the script being almost identical to the one used in the April Industroyer2 malware attacks. According to the Computer Emergency Response Team of Ukraine (CERT-UA), the POWERGAP PowerShell script was used to deploy CaddyWiper data wiper malware via a loader called ArguePatch, also known as AprilAxe. ESET's analysis of the new ransomware reveals that it generates a random key and encrypts files with AES-256 in CBC mode, appending the ".chsch" file extension.

Sandworm, an elite adversarial hacking group within Russia's GRU military intelligence agency, has a long history of targeting critical infrastructure. This article continues to discuss the RansomBoggs ransomware targeting Ukrainian organizations.

THN reports "Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations"

Submitted by Anonymous on