
Russian Hacktivists Infect Ukrainian Targets with New Somnia Ransomware

Vlad CONSTANTINESCU

November 15, 2022


Several organizations in Ukraine have been infected with a new strain of ransomware, dubbed Somnia, in a recent wave of attacks by Russian hacktivists.

The new ransomware encrypts systems, attempting to render its targets inoperative. Unlike other ransomware infections, Somnia doesn’t include a ransom note, as its developers allegedly disabled its decryption feature.

Researchers from the Computer Emergency Response Team of Ukraine (CERT-UA) have pinned the attacks on the “From Russia with Love” (FRwL) hacking group in an announcement acknowledging the malicious campaign.

The cybercrime crew, also known as Z-Team and tracked as UAC-0118, claimed previous attacks against Ukrainian tank producers and revealed themselves as the creators of the Somnia ransomware in a Telegram group.

CERT-UA’s investigation revealed that the perpetrators spread the malware using fake websites masquerading as “Advanced IP Scanner” software. The rogue websites hosted a malicious installer cloaking the infamous Vidar stealer.

Once installed, Vidar hijacks the victim’s Telegram session, allowing the threat actors to steal VPN configuration files, including authentication data and certificates, from compromised devices. The lack of multi-factor authentication (MFA) when establishing a VPN connection then gave the attackers unauthorized access to the organizations’ networks.

Once inside, the perpetrators performed network reconnaissance, deployed Cobalt Strike beacons, exfiltrated data and spread the Somnia ransomware. The malware targets a wide range of file types, including databases, archives, photos, videos and documents, and appends the “.somnia” extension after encrypting them.

According to CERT-UA’s announcement, Somnia has undergone some changes, given that it switched from the symmetric 3DES algorithm to AES. Also, unlike its first iteration, the recently spotted version of the ransomware lacks a decryption feature, leading researchers to believe that the attackers are more interested in damaging operations than extorting money from their victims.
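
The “.somnia” renaming described above gives defenders a simple behavioural signal. The following Python example is added here for illustration and is not code from CERT-UA or Bitdefender: it flags hosts where several files have the extension appended within a short window. The pipe-delimited event format, host names, threshold and 60-second window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".somnia"  # extension the article says is appended after encryption

# Constructed sample events (not real telemetry): time|host|old path|new path
SAMPLE_EVENTS = r"""
2022-11-10T09:00:01|ws-014|C:\Data\q3 report.xlsx|C:\Data\q3 report.xlsx.somnia
2022-11-10T09:00:02|ws-014|C:\Data\crm.sqlite|C:\Data\crm.sqlite.somnia
2022-11-10T09:00:02|ws-014|C:\Data\site.zip|C:\Data\site.zip.SOMNIA
2022-11-10T09:00:04|ws-014|C:\Media\demo.mp4|C:\Media\demo.mp4.somnia
2022-11-10T09:00:05|ws-022|C:\Tmp\draft.docx|C:\Tmp\final.docx
2022-11-10T09:03:00|ws-022|C:\Notes\somnia.txt|C:\Notes\somnia-research.txt
2022-11-10T11:30:00|ws-031|C:\Lab\sample.bin|C:\Lab\sample.bin.somnia
"""

def parse_events(text):
    """Yield (timestamp, host, old_path, new_path) from pipe-delimited lines."""
    for line in text.strip().splitlines():
        ts, host, old, new = line.split("|")
        yield datetime.fromisoformat(ts), host, old, new

def appended_ext(old, new):
    """True only when the new name is the old name plus the extension."""
    return new.lower() == old.lower() + EXT

def find_bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Return {host: (first_seen, peak_count)} for hosts with >= threshold
    extension-appending renames inside one sliding time window."""
    recent = defaultdict(deque)  # host -> timestamps still inside the window
    hits = {}
    for ts, host, old, new in sorted(events, key=lambda e: e[0]):
        if not appended_ext(old, new):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            first, peak = hits.get(host, (q[0], 0))
            hits[host] = (first, max(peak, len(q)))
    return hits

if __name__ == "__main__":
    for host, (first, peak) in find_bursts(parse_events(SAMPLE_EVENTS)).items():
        print(f"{host}: {peak} '{EXT}' renames within 60s, starting {first}")
```

A single renamed file (as on the constructed host ws-031) stays below the threshold, so the alert fires on burst behaviour rather than on one stray file.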


Dedicated security software such as Bitdefender Ultimate Security can keep you safe from ransomware and other cyberthreats, with features like:

  • All-around, continuous protection against viruses, Trojans, ransomware, spyware, rootkits, zero-day exploits, worms, and other e-threats
  • Multi-layer ransomware protection that safeguards your documents from all types of ransomware attacks
  • Network threat prevention module that identifies and repels suspicious network-level activities
  • Advanced threat defense that monitors active apps and takes instant action upon identifying suspicious activity
