Since the beginning of the invasion, the NB65 hacking group has joined forces with Anonymous and hit multiple Russian targets, including All-Russia State Television and Radio Broadcasting Company (VGTRK) and the Russian Space Agency ‘Roscosmos’.
Since the end of March, the NB65 crew has been using its own ransomware to target Russian entities.
BleepingComputer first learned of NB65’s ransomware from cybersecurity researcher Tom Malka, and during the weekend they were able to discover a sample of the Conti ransomware modified by NB65 that was uploaded to VirusTotal. The good news is that at this time, almost any AV solution on VirusTotal is able to detect the ransomware (detection rate 49/68).
The experts noticed that, unlike the original version of the Conti ransomware, the NB65 version appends the .NB65 extension to the encrypted files’ names.
The hacktivists also customized the ransom note accusing Russia and Putin of invading Ukraine and having committed war crimes.
“We’re watching very closely. Your President should not have commited war crimes. If you’re searching for someone to blame for your current situation look no further than Vladimir Putin,” reads the NB65 ransomware note shared by BleepingComputer.
Clearly, the group also modified the encryption process to prevent Russian victims from using a decryptor provided by the Conti gang, which announced its support for Russia.
(SecurityAffairs – hacking, Conti ransomware)