NB65 group targets Russia with a modified version of Conti’s ransomware

Pierluigi Paganini April 10, 2022

The NB65 hacking group has built its own ransomware from the leaked Conti source code and is using it against Russian organizations.

According to BleepingComputer, the NB65 hacking group is targeting Russian organizations with ransomware it developed from the leaked source code of the Conti ransomware.

Since the beginning of the invasion of Ukraine, the NB65 collective has joined forces with Anonymous and hit multiple Russian targets, including the All-Russia State Television and Radio Broadcasting Company (VGTRK) and the Russian space agency Roscosmos.

Since the end of March, the NB65 crew has been using its own ransomware against Russian entities.

BleepingComputer first learned of NB65’s ransomware from cybersecurity researcher Tom Malka, and over the weekend it found a sample of the NB65-modified Conti ransomware that had been uploaded to VirusTotal. The good news is that, at the time of writing, most AV engines on VirusTotal detect the sample (49 of 68 detections).

The experts noticed that, unlike the original Conti ransomware, the NB65 version appends the .NB65 extension to the names of encrypted files.

The hacktivists also customized the ransom note, which accuses Russia and Putin of invading Ukraine and committing war crimes.

“We’re watching very closely. Your President should not have commited [sic] war crimes. If you’re searching for someone to blame for your current situation look no further than Vladimir Putin,” reads the NB65 ransom note shared by BleepingComputer.

The group also modified the encryption routine so that Russian victims cannot recover their files with a decryptor supplied by the Conti gang, which had publicly announced its support for Russia. In practice this means a victim who obtains the genuine Conti decryptor still has no working key for NB65-encrypted files; the .NB65 extension and the ransom note text are the quickest on-host indicators for telling the two apart.
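For responders who need to confirm whether a host was hit by the NB65 variant rather than by stock Conti, the following triage script is an added example written for this page; it is not code from NB65, Conti, BleepingComputer or the researchers cited. The only indicators it takes from the article are the appended .NB65 extension and a phrase from the quoted ransom note; the ransom-note file name, the sample directory layout and the size cut-off for candidate note files are assumptions for the example, and the sample tree it builds is constructed inline so the script runs offline.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article: the appended extension and a phrase
# from the NB65 ransom note. Everything else in this script (note file
# name, directory layout, size limit) is an assumption for the example.
NB65_EXTENSION = ".NB65"
NOTE_PHRASE = "look no further than Vladimir Putin"
MAX_NOTE_SIZE = 64 * 1024  # assumed: ransom notes are small text files


def triage_tree(root):
    """Walk `root` and summarise NB65-style artefacts found under it.

    Returns a dict with the number of .NB65 files, the directories that
    hold them, the paths of files containing the ransom-note phrase, and
    a histogram of the original extensions hidden under the .NB65 suffix
    (useful for judging what data was hit before any recovery attempt).
    """
    encrypted = []
    notes = []
    orig_exts = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.endswith(NB65_EXTENSION):
                encrypted.append(path)
                # "report.docx.NB65" -> ".docx"
                inner = Path(name[: -len(NB65_EXTENSION)]).suffix.lower()
                orig_exts[inner] = orig_exts.get(inner, 0) + 1
                continue
            # Only small files are plausible ransom notes; never read the
            # encrypted blobs or large binaries as text.
            try:
                if path.stat().st_size > MAX_NOTE_SIZE:
                    continue
                text = path.read_text(errors="ignore")
            except OSError:
                continue
            if NOTE_PHRASE in text:
                notes.append(path)
    return {
        "encrypted_count": len(encrypted),
        "affected_dirs": sorted({str(p.parent) for p in encrypted}),
        "notes": sorted(str(p) for p in notes),
        "original_extensions": orig_exts,
    }


def build_sample_tree(base):
    """Create a constructed sample tree that mimics a hit host (test data)."""
    base = Path(base)
    (base / "docs").mkdir(parents=True, exist_ok=True)
    (base / "docs" / "report.docx.NB65").write_bytes(os.urandom(64))
    (base / "docs" / "budget.xlsx.NB65").write_bytes(os.urandom(64))
    (base / "docs" / "readme.txt").write_text("nothing to see here")
    # Assumed note file name; the text is taken from the quoted note.
    (base / "ransom_note.txt").write_text(
        "We're watching very closely. If you're searching for someone to "
        "blame for your current situation " + NOTE_PHRASE + "."
    )
    return base


def demo():
    """Run the triage over the constructed sample tree and return the summary."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage_tree(build_sample_tree(tmp))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it against a mounted image or a suspect host's volume by calling `triage_tree("/mnt/evidence")`; the extension histogram tells you what was encrypted, and a non-empty `notes` list alongside .NB65 files is the combination that distinguishes this variant from a stock Conti infection before anyone wastes time on a Conti decryptor.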


Pierluigi Paganini

(SecurityAffairs – hacking, Conti ransomware)
