28 November 2022

Sandworm hackers target Ukraine with new RansomBoggs ransomware


Multiple organizations in Ukraine have been hit with a wave of attacks deploying a new ransomware strain called “RansomBoggs.” Researchers with cybersecurity firm ESET, who first detected the attacks, linked the campaign to Sandworm, a Russia-based state-backed threat actor that has been increasingly targeting Ukrainian entities since the start of Russia’s invasion of the country.

First spotted on November 21, the RansomBoggs malware is written in .NET, and its “deployment is similar to previous attacks attributed to Sandworm,” ESET wrote in a series of tweets.

In October, Microsoft detected a similar campaign using a never-before-seen ransomware strain called “Prestige” that targeted organizations in the transportation and related logistics industries in Ukraine and Poland. The company linked the malware to a threat cluster it tracks as Iridium (DEV-0960), which is believed to have connections to the Sandworm group.

ESET says it discovered links between RansomBoggs and previous Sandworm malware deployed against Ukrainian targets, such as ArguePatch, CaddyWiper, and Industroyer2. Some findings suggest RansomBoggs may be another data wiper disguised as ransomware.
