Press Release
Hackers target Russian businesses with ransomware that was disclosed by Conti.
Using the Conti ransomware’s stolen source code, a hacking group produced their own ransomware to be used in cyberattacks against Russian organisations.
We frequently hear about ransomware attacks that target businesses and encrypt data, but we hardly ever hear about assaults on Russian organisations.
This absence of attacks is a result of Russian hackers’ widespread conviction that if they do not target Russian targets, then the nation’s law enforcement will ignore attacks on other nations.
The situation has changed, though, as the hacking gang NB65 is now launching ransomware assaults against Russian firms.
Russian targets for ransomware
An organisation known as NB65 has been hacking Russian organisations for the past month, collecting their data, and exposing it online while claiming responsibility for the attacks on Russia’s invasion of Ukraine.
The document management company Tensor, the Russian space agency Roscosmos, and the state-owned Russian Television and Radio broadcaster VGTRK are among the Russian organisations that the hacking group claims to have attacked.
The attack on VGTRK was particularly noteworthy because it is claimed that 786.2 GB of data, including 900,000 emails and 4,000 files, were stolen and then released on the DDoS Secrets website.
The NB65 hackers have recently adopted a new strategy and, since the end of March, have been targeting Russian enterprises with ransomware attacks.
This is made even more intriguing by the fact that the hacker organisation used the Conti Ransomware operation’s leaked source code to construct their own ransomware. Conti is a group of Russian threat actors that forbid their members from assaulting targets in Russia.
A security researcher released 170,000 internal chat conversations and the source code for Conti’s operation after they sided with Russia in the war on Ukraine.
Threat researcher Tom Malka originally alerted BleepingComputer to NB65’s activities, but we were unable to locate a ransomware sample, and the hacking collective was unable to offer one either.
But yesterday, a sample of the modified Conti ransomware executable used by the NB65 was released to VirusTotal, giving us a look at how it operates.
This sample is recognised as Conti by almost all antivirus vendors on VirusTotal, and Intezer Analyze found that it shares 66% of the code with other Conti ransomware strains.
The ransomware developed by NB65 would append the when encrypting files, according to a test by BleepingComputer.
The names of the encrypted files have an NB65 extension.
Throughout the encrypted device, the ransomware will also produce ransom notes with the filename R3ADM3.txt. The threat actors will blame President Vladimir Putin for invading Ukraine for the cyberattack.
“We keep a careful eye on things. War crimes should not have been committed by your president. Look no further than Vladimir Putin for someone to blame for your current condition “reads the NB65 ransomware message displayed below.
In order to prevent existing decryptors from functioning, the NB65 hacker gang adjusted its encryptor for each victim based on the first Conti source code leak, according to a spokesperson who spoke to BleepingComputer.
“It has been changed such that no decryptor created by Conti will function. A random key is generated for each deployment depending on a few variables that we alter for each target, “According to NB65, BleepingComputer.
Without speaking to us, there is truly no way to decode.
NB65 informed us that they did not anticipate hearing from their victims at this time because they have not received any correspondence from them.
We’ll let NB65’s justifications for assaulting Russian groups speak for themselves.
ComboFix is a tool made by sUBs that checks your computer for known malware and tries to automatically remove infestations when it finds any. In addition to being able to get rid of a lot of the most popular and up-to-date malware, ComboFix also shows a report that skilled assistants may use to get rid of malware that isn’t already eradicated by the programme.
Please be aware that executing this programme without supervision may result in improper operation of your computer. Run this programme only at the direction of a knowledgeable assistant.
At the moment, Windows 8.1 is not compatible with this programme, just Windows 8!
The author is collecting PayPal donations from people who want to support his work. By selecting the following picture, you may contribute:
In an attack just before the holidays, the accounts of over three million customers of the American appointment scheduling service FlexBooker were taken, and they are now being exchanged on hacker forums.
The same hackers are also selling databases they claim to be from two other organisations: the Australian case management system rediCASE and the racing media outlet Racing.com.
Holiday breaches before
A few days before Christmas, there were supposedly three breaches, and the intruder posted the information on a hacking forum.
A popular programme for booking appointments and syncing employee calendars, FlexBooker, appears to be the source of the most recent data dump.
Owners of any company that needs to plan appointments, such as accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on, are among FlexBooker’s clients.
The group claiming responsibility for the attack appears to go by the name of Uawrongteam, and they published links to files and archives containing personal information, including pictures, driver’s licences, and other IDs.
The database, according to Uawrongteam, has a table with 10 million lines of client data, including everything from payment forms and charges to pictures taken for driver’s licences.
Names, emails, phone numbers, password salt, and hashed passwords are among the database’s “juicy columns,” according to the actor.
Customers of FlexBooker have received a data breach notification that confirms the attack and that data on the service’s Amazon cloud storage system was “accessed and downloaded” by the intruders.
The letter states that “our account on Amazon’s AWS servers was compromised on December 23, 2021, starting at 4:05 PM EST,” adding that the attackers did not obtain “any credit card or other payment card information.”
FlexBooker advised consumers to be on the lookout for strange or fraudulent activities, and to monitor account statements and credit reports.
For further information, the developer also directed users to a report on a distributed denial-of-service (DDoS) attack. It was then determined that some customers’ personal information had been obtained by the hackers.
The FlexBooker assault exposed email addresses, names, partial credit card information, passwords, and phone numbers for more than 3.7 million users, according to the data breach reporting service Have I Been Pwned.
Prior to FlexBooker, the threat actor known as Uawrongteam distributed links to material that was purportedly taken from Racing.com, a digital television station that broadcasts horse racing and offers news, stats, and event calendars associated with the sport.
The data from the Redbourne Gang’s rediCASE Case Management Software, which is utilised by numerous enterprises in addition to health and community agencies, looks to be another target of the same group.
Press Release
Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which establishes in-store and on the internet payments technologies, for $100M (Omar Faridi/Crowdfund Expert).
Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which develops in-store and online payments technologies, for $100M (Omar Faridi/Crowdfund Insider)
Omar Faridi / Crowdfund Insider:
Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which develops in-store and online payments technologies, for $100M — – Twitter- Facebook- LinkedIn- Pinterest- Reddit- HackerNews- Telegram- Weibo- Email- Print- Subscribe
-
Apps1 year agoWhy is Everyone Talking About Hindi Keyboards?
-
Social Media1 year agoWho is Rouba Saadeh?
-
Apps1 year agoThings you need to know about Marathi keyboard today
-
Apps1 year agoStuck with Your default Bangla keyboard? Isn’t it time for a change?
-
Social Media1 year agoMati Marroni Instagram Wiki (Model’s Age, Net Worth, Body Measurements, Marriage)
-
Games12 months agoTop 7 Popular Puzzle and Card Games for Relaxing Your Brain on Mobile, Featuring Solitaire
-
Entertainment1 year ago12 Online Streaming Sites that Serve as Best Alternatives to CouchTuner
-
Entertainment1 year agoMovierulz Website: Movierulzz 2021 Latest Movies on Movierulz.com