Analysis of files stolen during a cyberattack on Russia's space agency has revealed a savage burn against the Kremlin.
Hackers linked to Anonymous revealed last month they had stolen a bunch of files from Roscosmos.
The group is called Network Battalion 65 – or NB65 – and they said that Russian President Vladimir Putin ‘no longer has control over spy satellites’.
To prove they had the goods, the hackers shared a tweet that claimed to be Roscosmos server information.
According to The Telegraph, some of the files that were downloaded from the server and uploaded to the internet have now been analysed.
One file's source code was made up of 66 per cent 'of the same code as that of Conti', which was a Russian cybercrime ransomware that wreaked havoc on IT systems around the world.
According to the Australian Cyber Security Centre (ACSC), Conti 'is a ransomware variant' that was first observed in early 2020.
"Conti is offered as a Ransomware-as-a-Service (RaaS), enabling affiliates to utilise it as desired, provided that a percentage of the ransom payment is shared with the Conti operators as commission," the ACSC said.
"This product provides information related to Conti’s background, threat activity, and mitigation advice."
The group who invented Conti used the ransomware to extort millions of dollars from the US and Europe when their cyberattacks targeted hospital and health services.
Since the beginning of Russia's invasion of Ukraine, Conti Group has declared support for Vladimir Putin and warned it will retaliate if cyberattacks are launched against the Kremlin.
However, Intezer Analyze has looked into the source code from the NB65 hack on Roscosmos and discovered the hackers have used Conti's medicine against them.
It's believed the Anonymous hackers were able to get the source code for the cyberattack after it was uploaded to VirusTotal, which helps detect malware and ransomware around the world.
William Thomas, a cybersecurity expert at Curated Intelligence, a research organisation, said (via The Telegraph): “We know NB65 have made a modified version of Conti thanks to the sample on VirusTotal.”
When the hackers announced they had broken into Roscosmos last month, the space agency downplayed the attack.
The Roscosmos Director General Dmitry Rogozin later tweeted that nothing had happened, stating: “The information of these scammers and petty swindlers is not true.
“All our space activity control centers [sic] are operating normally.”
He went on to say that Russia would be treating any hacking of satellites as justification for war.
Rogozin has previously said that control of not only the space agency, but also the orbital group and the Russian segment of the International Space Station, is well protected from cyber attacks.