Conti’s leaked ransomware source code was used by a hacking group to create their own ransomware for cyber-attacks against Russian organisations.
Hackers use Conti's leaked ransomware to attack Russian companies – @LawrenceAbramshttps://t.co/3ymQL0BdOD
— BleepingComputer (@BleepinComputer) April 9, 2022
While we frequently hear about ransomware attacks that target businesses and encrypt data, we rarely hear about Russian organisations being targeted in the same way.
This lack of attacks is due to Russian hackers’ common belief that if they do not attack Russian interests, law enforcement officers in the country will turn a blind eye to attacks on other countries.
However, the tables have shifted: a hacking group known as NB65 is now launching ransomware attacks against Russian organisations.
NB65, a hacking group, has hacked into Russian entities, stolen their data, and leaked it online in the last month, warning that the attacks are the result of Russia’s invasion of Ukraine.
The hacking group is said to have targeted Russian entities such as document management company Tensor, Russian space agency Roscosmos, and VGTRK, a state-owned Russian television and radio station.
NB65 hackers have adopted a new tactic: targeting Russian organizations with ransomware attacks since late March. The hacking group created their ransomware using the leaked source code for the Conti operation. Almost all antivirus vendors detect this sample on VirusTotal as Conti. It uses 66% of the same code as the usual Conti ransomware samples.
