A modified version of the ransomware leaked from the pro-Russian hacker group 'Conti' was used to attack Russian space agencies and state broadcasters.
Hackers use Conti's leaked ransomware to attack Russian companies
https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/
NB65 is a ransomware group affiliated with Anonymous that has been attacking Russian institutions over the past month. NB65 reports its attacks on Russia on Twitter, and in the past the Russian space agency 'Roscosmos' and ...
Greetings. Here's some Friday fun for #Roscosmos to enjoy. Greetz to the homies @ITarmyUA @YourAnonNews and all the #hackers bitch slapping Russia sideways for the last three weeks. Get the fuck out of #Ukraine .
— NB65 (@xxNB65) March 18, 2022
Glory to Ukraine! pic.twitter.com/Ll0jdjtkkZ
... the Russian state-run broadcaster, the All-Russia State Television and Radio Broadcasting Company (VGTRK), have been hit by NB65 ransomware attacks. Of these, the attack on VGTRK reportedly resulted in a total of 786.2 GB of internal data, including 900,000 emails and 4000 files, being leaked to Distributed Denial of Secrets (DDoSecrets), a non-profit whistleblower site.
The All-Russian State Television and Radio Broadcasting Company (VGTRK), propaganda branch of the Russian Federation can fuck themselves. @Telecomix is going to have some fun parsing through this. #Datalove @YourAnonNews @ITarmyUA Glory to Ukraine! Full dump will be ready soon. pic.twitter.com/3foAOAYBDv
— NB65 (@xxNB65) March 25, 2022
Meanwhile, the ransomware used by NB65 was uploaded to VirusTotal, a website that inspects files and websites for malware. Examination of the NB65 ransomware sample uploaded by Bleeping Computer shows that almost all antivirus vendors identify this ransomware as 'Conti', and that 66% of the code of the ransomware used by NB65 is the same as Conti's source code.
Conti issued a statement of pro-Russian policy after Russia's military invasion of Ukraine began, and a Ukrainian researcher who opposed it leaked a year's worth of internal chat logs and other data. The researcher who leaked the data seems to have been monitoring Conti for a long time, and said that he leaked the data 'to prove that they are shit'. The ransomware used by NB65 is a modified version of the ransomware code leaked at this time.
A ransomware attack group with 'pro-Russian policy' was attacked by a hacker near Ukraine and a year's worth of internal chat logs leaked --GIGAZINE
In NB65 ransomware, the extension of the encrypted file is '.NB65' and ...
The note 'R3ADM3.txt' displayed on the encrypted device blames Russian President Vladimir Putin, saying: 'We are watching very carefully. Your president should not commit war crimes. If you're looking for someone to blame for your current situation, there's nothing better than Vladimir Putin.'
In response to a Bleeping Computer inquiry, NB65 acknowledged that it created its ransomware based on the source code leaked from Conti. The source code appears to have been changed so that Conti's decryption function is not available, and NB65 states that 'it cannot be decrypted without contacting us.'
NB65 said of the series of attacks: 'Once Russia has stopped all engagements in Ukraine and ended this ridiculous war, NB65 will stop attacking Russia's Internet-facing assets and businesses. Until then. We don't attack countries other than Russia. Conti, Sandworm, and other APT attack groups in Russia have been attacking the West for years with ransomware and supply chain attacks. We thought it was time for them to deal with it themselves.'