BI.ZONE detects destructive ransomware attacks against Russian users

Earlier this month, the BI.ZONE Cyber Threat Intelligence team detected an attack campaign engineered by the Key Wolf hacker group
March 22, 2023

The victims are prompted to launch an executable and thus trigger file encryption on their computers. In a notable distinction from similar attacks, the perpetrators demand no ransom and offer no option to decrypt the affected files.

Presumably targeted via email, the victims receive two types of malicious files with nearly identical names, Информирование зарегистрированных.exe and Информирование зарегистрированных.hta (the words in Russian can be loosely translated as “Information for the registered”). The first of them contains a self‑extracting archive with two files: gUBmQx.exe and LICENSE. The second initiates a background process to download gUBmQx.exe from Zippyshare.
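To illustrate how a mail gateway or SOC triage script could flag lures shaped like the ones above (directly executable attachments, a document-style Cyrillic title on a program, and the same stem arriving as both .exe and .hta), here is an added example that is not BI.ZONE's code; the rule names, the extension list and the sample attachment list are constructed for the example, and the Cyrillic-title heuristic is an assumption rather than a published detection rule.

```python
import unicodedata
from typing import Iterable

# Extensions that run as code when double-clicked. The campaign used .exe
# (a self-extracting archive) and .hta (a script that fetched the payload).
EXECUTABLE_EXTENSIONS = {"exe", "hta", "scr", "js", "vbs", "cmd", "bat", "ps1"}


def split_name(filename: str):
    """Return (stem, extension) with the extension lower-cased; '' if none."""
    stem, dot, ext = filename.rpartition(".")
    return (stem, ext.lower()) if dot else (filename, "")


def has_cyrillic(text: str) -> bool:
    return any("CYRILLIC" in unicodedata.name(ch, "") for ch in text)


def triage_attachments(filenames: Iterable[str]) -> dict:
    """Map each suspicious filename to the list of rules it triggered."""
    findings = {}
    by_stem = {}
    for name in filenames:
        stem, ext = split_name(name)
        reasons = []
        if ext in EXECUTABLE_EXTENSIONS:
            reasons.append("executable-extension")
            # Assumed heuristic: a document-style (here Cyrillic) title on a
            # file that is actually a program is how this lure was named.
            if has_cyrillic(stem):
                reasons.append("document-like-name-on-executable")
        if reasons:
            findings[name] = reasons
        by_stem.setdefault(stem.casefold(), set()).add(ext)
    # Same stem seen with more than one executable extension: the two lure
    # variants described in the report.
    for name in list(findings):
        stem, _ = split_name(name)
        if len(by_stem[stem.casefold()] & EXECUTABLE_EXTENSIONS) > 1:
            findings[name].append("paired-executable-variants")
    return findings


# Constructed sample: the two lure names from the report plus benign files.
SAMPLE_ATTACHMENTS = [
    "Информирование зарегистрированных.exe",
    "Информирование зарегистрированных.hta",
    "quarterly_report.pdf",
    "invoice.docx",
]

if __name__ == "__main__":
    for name, reasons in triage_attachments(SAMPLE_ATTACHMENTS).items():
        print(name, "->", ", ".join(reasons))
```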

The Key Group ransomware encrypts data on hard disks, installs the group’s logo on the desktop, and opens a text message in English explaining the purpose of the attack: to destroy Russian computers. Further, the attackers ask to help their cause by sending money to their bitcoin wallet.

Ransomware attacks have been on the rise in recent years, and we are seeing more and more strains of this type of malware. In most cases, the targets are private companies. However, individual users can also fall prey to such attacks. While typically ransomware criminals pursue financial goals, we are also witnessing a growing trend in the use of ransomware to damage computer systems irrevocably, and Key Wolf’s attack is illustrative of that.
Oleg Skulkin
Head of Cyber Threat Intelligence, BI.ZONE

To protect your inbox from cyber threats, BI.ZONE experts recommend using specialized solutions that block spam and malicious messages.