
Russian businesses targeted by novel ransomware gang


A new ransomware operation, Muliaka, has been deploying a backdoor built on Conti ransomware code against businesses across Russia since at least December, according to The Record, the news site of cybersecurity firm Recorded Future.

In one case, the Windows systems and VMware ESXi infrastructure of a Russian company were compromised after Muliaka gained access to its VPN using phishing emails that distributed a fraudulent version of the firm's antivirus software, according to a report from F.A.C.C.T., a spinoff of Russian security firm Group-IB.

Further analysis of the new malware showed that, unlike its Conti forebear, it terminates processes and system services before encrypting files.
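The behaviour described above, a burst of service stops shortly before encryption, is something a defender can look for in Windows System event logs. The script below is an added example and is not code from the SC Media article, The Record, or F.A.C.C.T.'s report. It assumes a simplified, constructed export format (timestamp, event ID, message) and uses Service Control Manager event 7036 with the message text "entered the stopped state"; the log lines, service names and timestamps are constructed, and the 60-second window and five-service threshold are arbitrary starting values to tune per environment.

```python
"""Heuristic detector for a burst of Windows service stops, the kind of
pre-encryption preparation the article attributes to Muliaka.

Added example for illustration only. The log lines below are constructed,
not taken from any real incident or from F.A.C.C.T.'s report.
"""
import re
from datetime import datetime, timedelta

# Constructed sample export: timestamp,event_id,message (one event per line).
# Event 7036 is the Service Control Manager's state-change record; the message
# text "entered the stopped state" marks a stop. Service names are constructed.
SAMPLE_LOG = """\
2024-01-15T02:10:01,7036,The Windows Update service entered the running state.
2024-01-15T02:10:05,4624,An account was successfully logged on.
2024-01-15T02:11:00,7036,The SQL Server (MSSQLSERVER) service entered the stopped state.
2024-01-15T02:11:02,7036,The Volume Shadow Copy service entered the stopped state.
2024-01-15T02:11:03,7036,The Exchange Information Store service entered the stopped state.
2024-01-15T02:11:04,7036,The Backup Agent service entered the stopped state.
2024-01-15T02:11:05,7036,The Endpoint Antivirus service entered the stopped state.
2024-01-15T02:11:06,7036,The Print Spooler service entered the stopped state.
2024-01-15T03:30:00,7036,The Windows Update service entered the stopped state.
"""

STOP_RE = re.compile(r"^The (?P<name>.+?) service entered the stopped state\.$")


def parse_events(text):
    """Parse the constructed export into (timestamp, event_id, message) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, message = line.split(",", 2)
        events.append((datetime.fromisoformat(ts), int(event_id), message))
    return events


def find_stop_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Return one alert per run of at least `threshold` distinct services
    stopped within `window`. Each alert is a dict with start, end and the
    sorted list of affected service names. Routine single stops (like the
    03:30 Windows Update stop in the sample) do not trigger an alert."""
    stops = sorted(
        (ts, m.group("name"))
        for ts, eid, msg in events
        if eid == 7036 and (m := STOP_RE.match(msg))
    )
    bursts = []
    i = 0
    while i < len(stops):
        # Extend the window from the i-th stop as far as it reaches.
        j = i
        names = []
        while j < len(stops) and stops[j][0] - stops[i][0] <= window:
            names.append(stops[j][1])
            j += 1
        distinct = sorted(set(names))
        if len(distinct) >= threshold:
            bursts.append({"start": stops[i][0], "end": stops[j - 1][0],
                           "services": distinct})
            i = j  # skip past this burst so it is reported once
        else:
            i += 1
    return bursts


def scan_sample():
    """Run the detector over the constructed sample log."""
    return find_stop_bursts(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in scan_sample():
        print(f"{alert['start']} .. {alert['end']}: "
              f"{len(alert['services'])} services stopped: "
              f"{', '.join(alert['services'])}")
```

The window-and-threshold approach deliberately ignores which services stopped; in practice a second, stricter rule that weights backup, shadow-copy, database and security services would raise precision, since those are the ones ransomware operators most want out of the way before encryption.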

While few details are available about Muliaka's origins or the outcome of the attack on the Russian company, researchers noted that such intrusions fit a broader trend of financially motivated threat actors seeking to exploit the current geopolitical tensions involving Russia.
