Leaked Conti ransomware used to attack Russian targets

Russian organizations are being attacked amid the invasion of Ukraine

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Multiple Russian companies have suffered aransomwareattack using tools originally built by a Russian threat actor. The attackers claiming responsibility for the attacks say they are doing it as retribution for the invasion of Ukraine.

When Russia first attacked Ukraine almost two months ago, the operators of the Conti ransomware issued a statement saying whoever goes against Russia, or Russian companies, will face their wrath.

Despite quickly taking the statement back (after a major outcry from its contractors, partners and users), a Ukrainian hacker went after the group, and leaked multiple versions of the ransomware.

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.

Click here to start the survey in a new window«

High-profile victims

The leak enabled other threat actors to build their own versions of themalware. And now, a group that goes by the name NB65 is using Conti strains to attack Russian targets.

According to a report fromBleepingComputer, in the past month,document managementoperator Tensor, Russian space agency Roscosmos and VGTRK, the state-owned Russian Television and Radio broadcaster, have all been compromised.

After breaching VGTRK, the group stole and leaked 786.2 GB of data, including 900,000 emails and 4,000 files, it was said.

Those that suffer an attack receive this message:

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“We’re watching very closely. Your President should not have committed war crimes. If you’re searching for someone to blame for your current situation look no further than Vladimir Putin.”

Conti ransomware source code leaked by Ukrainian researcher>Conti ransomware group has internal chats leaked after siding with Russia>Revenge hackers leak more Conti ransomware source code

Talking toBleeping Computer, a representative of NB65 said the encryptor was based on the first Conti source code leak, but was modified for each victim to render known decryptors useless.

“It’s been modified in a way that all versions of Conti’s decryptor won’t work. Each deployment generates a randomized key based off of a couple variables that we change for each target,” NB65 told BleepingComputer. “There’s really no way to decrypt without making contact with us.”

NB65 says none of its victims have been in contact.

ViaBleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

I fell in love with the cute and compact Hyundai Inster, but it has one major drawback