28 November 2022

Sandworm hackers target Ukraine with new RansomBoggs ransomware



Multiple organizations in Ukraine have been hit with a wave of attacks deploying a new ransomware strain called “RansomBoggs.” Researchers with cybersecurity firm ESET, who first detected the attacks, linked this new campaign to Sandworm, a Russia-based state-backed threat actor that has been increasingly targeting Ukrainian entities since the start of Russia’s invasion of the country.

First spotted on November 21, the RansomBoggs malware is written in .NET, and its “deployment is similar to previous attacks attributed to Sandworm,” ESET wrote in a series of tweets.

In October, Microsoft detected a similar campaign using a never-before-seen ransomware strain called “Prestige” that targeted organizations in the transportation and related logistics industries in Ukraine and Poland. The company linked the new malware to a threat cluster it is tracking as Iridium (DEV-0960), which is believed to have a connection to the Sandworm group.

ESET says they discovered links between RansomBoggs and previous Sandworm malware deployed against Ukrainian targets, such as ArguePatch, CaddyWiper, and Industroyer2. Some findings suggest RansomBoggs may be another data wiper disguised as ransomware.
