Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group.
Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022.
“While the malware written in .NET is new, its deployment is similar to previous attacks attributed to Sandworm,” the company said in a series of tweets Friday.
The development comes as the Sandworm actor, tracked by Microsoft as Iridium, was implicated for a set of attacks aimed at transportation and logistics sectors in Ukraine and Poland with another ransomware strain called Prestige in October 2022.
The RansomBoggs activity is said to employ a PowerShell script to distribute the ransomware, with the former “almost identical” to the one used in the Industroyer2 malware attacks that came to light in April.
images from Hacker News