Monsters Inc, Stingless Bees, and BlackFog make the threats clear. This Week in Ransomware – Sunday December 4, 2022

We know that monsters aren’t real, but they’re still a threat

Software company ESET has detected a new ransomware variant named RansomBoggs in organizations in Ukraine.

The ransom note that accompanies the attack claims to be written by James P. Sullivan, the main character in the movie Monsters Inc. Other references to the movie are also reported to be in the code.

RansomBoggs note (ESET)

ESET points out that this new variant shares many similarities with previous attacks by a group known as Sandworm. The attack uses a PowerShell script to distribute the .NET ransomware.

Sandworm is reportedly a group of elite state-sponsored Russian hackers, active for decades, with a reputation for attacking infrastructure and control systems.

Security blog Bleeping Computer stated that they are “believed to be part of Unit 74455 of the Russian GRU’s Main Center for Special Technologies.”

The group has been linked to earlier attacks on Ukrainian infrastructure with the KillDisk wiper as well as the NotPetya ransomware. The U.S. Department of Justice charged six members of the group for activities related to the NotPetya ransomware attack, as well as attacks on the 2018 Winter Games and the 2017 elections in France.

It also doesn’t float like a butterfly

A new ransomware group has emerged which has been named Trigona, after a family of stingless bees. The group has adopted a logo which features a person in a cyber bee costume.

Source: Malware Hunter Team tweet

While the group has been active for some time, it has recently launched a new Tor site where it accepts Monero for ransom payments. Monero bills itself as a secure, private and untraceable currency.

Lawrence Abrams from security blog Bleeping Computer has done some deeper analysis on Trigona.

BlackFog issues a list of ransomware attacks with a number of Canadian attacks

Security firm BlackFog issued its State of Ransomware in 2022 report, with a month-by-month review of some of the major attacks from the past year. The list is drawn from attacks around the world, and is a rather depressing year in review. A number of prominent Canadian organizations made the list, including Sobeys, the Ontario Secondary School Teachers’ Federation, the Montreal Tourism Agency, Bell Technical Services, the John Diefenbaker International Airport, and more.

The list is worth looking at, if only to gain a clear picture of the sheer range of organizations that have been affected by ransomware. Statistics and mapping are one way to view the problem, but going month by month through the lists of companies brings the problem into stunning clarity.

Jim Love, Chief Content Officer, IT World Canada

I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO and Chief Digital Officer of IT World Canada - Canada's leader in ICT publishing and digital marketing.
