NB65 group targets Russia with a modified version of Conti’s ransomware

The NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and is targeting Russia.

According to BleepingComputer, the NB65 hacking group is targeting Russian organizations with ransomware that it developed using the leaked source code of the Conti ransomware.

Since the beginning of the invasion, the NB65 collective has joined forces with Anonymous and hit multiple Russian targets, including the All-Russia State Television and Radio Broadcasting Company (VGTRK) and the Russian Space Agency ‘Roscosmos’.

Since the end of March, the NB65 crew has started using its own ransomware to target Russian entities.

“SSK Gazregion LLC is going to have a rough Sunday. We suggest you check your machines. They’re struggling. And what kind of chincy ass soviet connection are you guys using? You know how long it took us to exfil?!? Fuck Vladimir Putin. Fuck the Russian Military. pic.twitter.com/BZDMPb0JxN” — NB65 (@xxNB65) April 3, 2022

BleepingComputer first learned of NB65’s ransomware from cybersecurity researcher Tom Malka, and during the weekend they were able to discover a sample of the Conti ransomware modified by NB65 that had been uploaded to VirusTotal. The good news is that at this time, almost any AV solution on VirusTotal is able to detect the ransomware (detection rate 49/68).

“Why CTI is fun? Cause when you put your soul and best efforts into it the results can be amazing, After a while I was tracking Nb65 hacking group I noticed a big game up they were doing, you can read it here: #hacking #NB65 #russiaukraineconflict https://t.co/tvND9MYlPC” — Tom Malka (@ZeroLogon) April 9, 2022

The experts noticed that, unlike the original version of the Conti ransomware, the NB65 version appends the .NB65 extension to the names of encrypted files.

The hacktivists also customized the ransom note, accusing Russia and Putin of invading Ukraine and having committed war crimes.

“We’re watching very closely. Your President should not have committed war crimes. If you’re searching for someone to blame for your current situation look no further than Vladimir Putin,” reads the NB65 ransomware note shared by BleepingComputer.

Clearly, the group also modified the encryption process to prevent Russian victims from using a decryptor provided by the Conti gang, which announced its support for Russia.

Pierluigi Paganini

(SecurityAffairs – hacking, Conti ransomware)

The post NB65 group targets Russia with a modified version of Conti’s ransomware appeared first on Security Affairs.