Sprinkler sprinkled: Hackers use Russian malware to attack Russian companies

Determined to fight on the side of Ukraine in the field of cyber warfare, a group of hackers has recycled Russian malware by making a few modifications. Now they are using it to attack Russian companies and demand a ransom.

With the war in Ukraine, many hacker groups had to choose sides. The Russian group Conti decided to support the invasion. In retaliation, a Ukrainian cybersecurity researcher released the source code of their malware, a ransomware who door the name of the group, as well as more than a year of conversations between the members of the group.

Another group of hackers codenamed NB65, linked to Anonymous, rallied to Ukraine. For this, they recycled the ransomware Conti, with some modifications. Ransomware works by encrypting all of the victim’s files, and demands a ransom in exchange for the password. There are tools to decipher the data trapped by Conti, but these do not work with the new version of the NB65 group.

The ransoms will be returned to Ukraine

Hackers had already managed to infiltrate highly visible corporate networks, including the Tensor network operations center (NOC), the Roscosmos space agency and the television channel and radio of State VGTRK. They released hundreds of gigabytes of contacts, emails, and internal documents. With their new version of ransomware Conti, they are now attacking many private companies, which will have no choice but to pay the ransom if they want to regain access to their files.

NB65 publishes successful attacks on its Twitter account, and has already managed to infect the networks of Continent Express, SSK Gazregion LLC, and even Mosexpertiza. However, the group wanted to reassure companies from other countries. The hackers said they will only target targets in Russia, and will donate any ransom payments to Ukraine.