The rar attachment contains an exe file: the malware itself. Objective: to steal information from the victim.
Ukraine, Russia is a victim of its own cyber weapons. The NB65 group has developed an enhanced version of the Conti ransomware and uses it to attack companies in the Federation. The ransoms will be donated to Kyiv.
Russia is a victim of its own cyber weapons. The NB65 (Network Battalion 65) hacking group used the source code of the Conti ransomware to create its own malware and used it against targets in the Federation. This is the response to the invasion of Ukraine and the Bucha massacre. The group's own members explained this to Bleeping Computer, announcing that they have taken sides in support of Kyiv against the war crimes of Moscow. Not surprisingly, the malicious code will not attack any targets other than Russian ones and will cease its offensive as soon as the hostilities against the European country end. As further confirmation, any ransom received by the group will be automatically donated to support humanitarian aid to Ukraine.
The new version of Conti is a nightmare for Moscow cybersecurity experts
Moreover, this new variant of Conti is a nightmare for Moscow's cybersecurity experts and for the original members of the cybercrime group themselves: the new ransomware is more difficult to contain and counter than the original. First of all, the encrypted files cannot be unlocked with any version of Conti's decryptors. Furthermore, for each installation a randomized key is generated based on a couple of variants, which change for each target. Result: the only way to unlock the files is to contact NB65 and pay the pro-Ukraine ransom. It is unclear whether the formation operates within the IT Cyber Army of Ukraine or orbits in the Anonymous galaxy. On the other hand, it is certain that it has caught Moscow and its companies off guard: they did not think they would be attacked with their own weapons, and enhanced ones at that.