Thursday, February 9, 2023

Monsters Inc, Stingless Bees, and BlackFog makes the threats clear. This Week in Ransomware – Sunday December 4, 2022

We know that monsters aren’t real, but they’re still a threat

Software company ESET has detected a new ransomware variant named RansomBoggs in organizations in Ukraine.

The ransom note that accompanies the attack claims to be written by James P. Sullivan, the main character in the movie Monsters Inc. Other references to the movie are also reported to be in the code.

RansomBoggs note (ESET)

ESET points out that this new variant shares many similarities with previous attacks by a group known as Sandworm. It uses a PowerShell script to distribute .NET ransomware.

Sandworm is reportedly a group of elite state-sponsored Russian hackers, active for decades, with a reputation for attacking infrastructure and control systems.

Security blog Bleeping Computer stated that they are “believed to be part of Unit 74455 of the Russian GRU’s Main Center for Special Technologies.”

The group has been linked to earlier attacks on Ukrainian infrastructure with the KillDisk wiper as well as the NotPetya ransomware. The U.S. Department of Justice charged six members of the group for activities related to the NotPetya ransomware attack, as well as attacks on the 2018 Winter Games and the 2017 elections in France.

It also doesn’t float like a butterfly

A new ransomware group has emerged, named Trigona after a family of stingless bees. The group has adopted a logo that features a person in a cyber bee costume.

Source: Malware Hunter Team tweet

While the group has been active for some time, it has recently launched a new Tor site where it accepts Monero for ransom payments. Monero bills itself as a secure, private and untraceable currency.

Lawrence Abrams from security blog Bleeping Computer has done some deeper analysis on Trigona.

BlackFog issues a list of ransomware attacks with a number of Canadian attacks

Security firm BlackFog issued its State of Ransomware in 2022 report, with a month-by-month review of some of the major attacks from the past year. The list is drawn from attacks around the world, and it makes for a rather depressing year in review. A number of prominent Canadian organizations made the list, including Sobeys, the Ontario Secondary School Teachers’ Federation, the Montreal Tourism Agency, Bell Technical Services, the John Diefenbaker International Airport, and more.

The list is worth looking at, if only to gain a clear picture of the sheer range of organizations that have been affected by ransomware. Statistics and mapping are one way to view the problem, but going month by month through the lists of companies brings the problem into stunning clarity.
