(844) 627-8267
(844) 627-8267

‘Wagner’ Ransomware Targets Computers in Russia | #ransomware | #cybercrime

Security researchers have discovered a ransomware attack that tries to drive recruitment to the Russian mercenary group Wagner, which briefly rebelled against the Kremlin this past weekend. 

The ransomware is designed to target Windows PCs and will drop a note that implies victims should consider joining the paramilitary group, according to security firm Cyble. 

“Job opening. Service in the PMCS Wagner. For cooperation,” the note says, later adding: “Brothers, stop tolerating authority! Let’s go to war against Shoigu!”—a reference to the military general under Russian President Vladimir Putin. 

The ransom note dropped

The note is written in Russian, suggesting the ransomware was made to hit computers in the country. Cyble also noticed the attack after a sample of the ransomware was uploaded to VirusTotal from a user in Russia. The same note includes a real phone number for Wagner’s recruitment offices in Moscow alongside the words, “if you want to go against the officials!” 

The ransomware appeared this past weekend right as Wagner’s leader, Yevgeny Prigozhin, ordered his troops to march to Moscow in an effort to remove Shoigu from Russia’s Ministry of Defense. Hours later, Prigozhin called off the armed revolt while accepting a deal that’ll effectively exile him to Belarus. 

It’s not clear who created the ransomware strain. Wagner hasn’t claimed responsibility for the malicious code. It also appears the attack was created using the Chaos ransomware building tool, which first emerged in underground forums. 

Interestingly, though, while the attack will encrypt various files on a Windows PC, the dropped ransom note makes no demand for the victim to pay up. So it looks like the attack can permanently ruin files on an infected PC.

How the ransom note appears on a computer.

Cyble concluded: “The individual behind the ransomware strain could be politically motivated and supports Wagner Group.” However, Allan Liska, a security researcher at Recorded Future, suspects the actual intent may be different.

“Installing a ransomware/wiper on someone’s machine is a poor way to recruit them,” Liska said in a tweet. “On the other hand, if you are a hacktivist group, say one that has used ransomware based on the Chaos builder in the past, that wants to get people mad at a certain group, this is a good way to do it.”

How the Wagner ransomware spreads also remains unclear. But currently, most antivirus programs will detect the attack as malicious, according to VirusTotal.

Source link

National Cyber Security