Hacking group NB65 has been leveraging proprietary ransomware developed using the leaked Conti ransomware source code to launch attacks against Russian organizations amid the ongoing Russian invasion of Ukraine, BleepingComputer reports.
Russian entities, including space agency Roscosmos, document management operator Tensor, and state-owned Russian Television and Radio broadcaster VGTRK, have been targeted by NB65, with the organizations' data stolen and exposed online during the past month. NB65 has claimed to have stolen 786.2GB of data, including 4,000 files and 900,000 emails from VGTRK. However, the group has since pivoted to using the Conti ransomware source code, which was leaked after Conti expressed support for Russia. Analysis of NB65's modified Conti executable, available on VirusTotal, revealed that it shares 66% of its code with the usual Conti ransomware samples. BleepingComputer discovered that NB65's ransomware, when executed, appends the .NB65 extension to the files it encrypts and creates ransom notes that blame Russian President Vladimir Putin. While the NB65 ransomware encryptor was based on the initial leak of Conti source code, the group modified it to evade all versions of Conti's decryptor, according to an NB65 representative.
Numerous Ukrainian organizations have been compromised in a wave of attacks using the novel .NET-based RansomBoggs ransomware strain; the attacks resembled prior ones by the Russian state-sponsored threat operation Sandworm, reports The Hacker News.
Cincinnati State Technical and Community College has been impacted by a Vice Society ransomware attack, with allegedly stolen data being leaked by the attackers on their Tor data leak site, BleepingComputer reports.