Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Wagner ransomware. Show all posts

Wagner' Ransomware Targets Computers in Russia

A recent ransomware attack has been uncovered by security researchers, revealing a peculiar motive. The attackers behind this ransomware campaign are seemingly attempting to promote recruitment for the Russian mercenary group known as Wagner. 

Notably, Wagner had a brief period of rebellion against the Kremlin over the past weekend. The ransomware specifically targets Windows PCs and includes a note that subtly suggests victims should contemplate joining the paramilitary organization. 

This discovery was made by the cybersecurity company Cyble. Additionally, security experts have found that the ransomware note, which encourages recruitment for the Russian mercenary group Wagner, is written in the Russian language. This indicates that the ransomware campaign was primarily intended to target computers within the country. 

 Cyble became aware of the attack after detecting a sample of the ransomware uploaded to VirusTotal by a user based in Russia. The ransomware note also includes a legitimate phone number for Wagner's recruitment offices in Moscow, accompanied by the provocative phrase, "If you want to go against the officials!" Over the past weekend, a significant development unfolded alongside the activities of the Russian paramilitary group Wagner. 

During this time, Yevgeny Prigozhin, the leader of Wagner, issued orders for his troops to march towards Moscow, aiming to remove Shoigu from Russia's Ministry of Defense. However, Prigozhin abruptly called off the armed revolt and instead accepted a deal that would effectively exile him to Belarus. 

Interestingly, amidst these events, a ransomware incident emerged, raising questions about its creators. Notably, Wagner has not claimed responsibility for the malicious code. The investigation indicates that the ransomware attack was crafted using the Chaos ransomware building tool, which originally surfaced in underground forums. 

The exact origins and motives behind the attack remain uncertain. While there are speculations about the motives behind the ransomware strain, with some suggesting a potential political agenda in support of Wagner Group, security researcher Allan Liska from Recorded Future offers an alternative perspective. 

Liska suspects that the true intent behind the attack may differ from initial assumptions. “Installing a ransomware/wiper on someone's machine is a poor way to recruit them. On the other hand, if you are a hacktivist group, say one that has used ransomware based on the Chaos builder in the past, that wants to get people mad at a certain group, this is a good way to do it,” Liska said in a tweet.