Threat Intel Flash: Sisense Data Compromise: ARC Labs Intelligence Flash

Get the Latest


Hackers Use Conti’s Leaked Ransomware to Attack Russian Companies

Russia’s invasion of Ukraine caused a split amongst threat actors. Before the war in Ukraine, Russian based threat actors operated with impunity if they did not attack organizations in countries within the Commonwealth of Independent States (CIS). That changed after the invasion when the horrors of war forced many hackers to take a stand against Russia, while others supported Russia’s actions. A member of the notorious Conti ransomware gang immediately released a public statement stating the group supported Russia. Days later, a disgruntled alleged member of the group that did not share the same feelings leaked 170,000 internal chat messages from the group, as well as source code. This source code is now being used by a new group to attack Russian based organizations. A new group named NB65 has been using the code to attack organizations, steal their data, and leak it online. NB65 started a Twitter page shortly after the invasion with their first tweets stating “Russia has made a fatal mistake. We are coming. #Ukraine” and “Seems like #anonymous could use a little help against Russia. We stand with #Ukraine.” Recently, the group has started demanding ransoms and leaving ransomware notes on encrypted devices. The note tells the victim that Vladimir Putin is responsible for the current situation they are in. The group claims that existing decryptors for Conti ransomware won’t work on their version as they have modified the leaked source code. The group told reporters that victims cannot decrypt without contacting them, although they do not expect any victim organizations to reach out to them.

Analyst Notes

The war in Ukraine will undoubtedly have everlasting changes in the world of cybersecurity. Ransomware operations may have also changed forever, although NB65 told reporters they will stop attacking Russian-facing internet assets and companies once the atrocities in Ukraine come to a halt. That being said, there has now been a new precedent set for politically motivated hackers that could change the threat landscape forever. Binary Defense analysts will continue to monitor the situation.