"Russian Ransomware Group Claims Attack on Bulgarian Refugee Agency"

A ransomware group believed to have strong ties within Russia recently stated that it will release files it took from the Bulgarian government agency responsible for refugee management. Bulgaria is a nation that has reportedly hosted hundreds of thousands of fleeing Ukrainians. LockBit 2.0 posted a notice to the dark web portal it uses to identify and extort its victims, saying it had files from the Bulgarian State Agency for Refugees under the Council of Ministers. LockBit 2.0 is the successor to LockBit, a ransomware variant first spotted in September 2019. LockBit was initially known as ABCD ransomware, named for the file extension appended to encrypted files. The file extension appended to encrypted files was later updated to "LockBit." The ransomware gang launched its own leak site in September 2020. Researchers at Emisisoft stated that by June 2021, after a string of attacks, the developers behind the malware launched "LockBit 2.0," along with advertising material boasting of its fast encryption and data exfiltration speeds relative to other ransomware variants. As of July 2021 Emsisoft estimated that there could have been nearly 40,000 ransomware incidents involving LockBit malware.

CyberScoop reports: "Russian Ransomware Group Claims Attack on Bulgarian Refugee Agency"