Hacking group NB65 has been leveraging proprietary ransomware developed using the leaked Conti ransomware source code to launch attacks against Russian organizations amid the ongoing Russian invasion of Ukraine, BleepingComputer reports.
Russian entities, including space agency Roscosmos, document management operator Tensor, and state-owned Russian Television and Radio broadcaster VGTRK, have been targeted by NB65, with the organizations' data stolen and exposed online during the past month. NB65 has claimed to have stolen 786.2GB of data, including 4,000 files and 900,000 emails from VGTRK. However, the group has since pivoted to using the Conti ransomware source code, which was leaked after Conti expressed support for Russia. Analysis of NB65's modified Conti executable available on VirusTotal revealed that it shares 66% of its code with typical Conti ransomware samples. BleepingComputer found that executing NB65's ransomware appends the .NB65 extension to the files it encrypts and creates ransom notes that blame Russian President Vladimir Putin. While the NB65 ransomware encryptor was based on the initial leak of the Conti source code, the group modified it to evade all versions of Conti's decryptor, according to an NB65 representative.