© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Putin Team ransomware emerges from leaked Conti’s source code


Cyble Research and Intelligence Labs (CRIL) discovered new ransomware strains based on novel ransomware families, such as Putin Team, ScareCrow, BlueSky, and Meow, which have emerged from the leaked source code of Conti ransomware.

The researchers observed several new strains, identifying Putin Team, ScareCrow, BlueSky, and Meow ransomware.

Putin Team ransomware has likely emerged from the altered Conti’s code. The group claims to be of Russian origin, although, according to CRIL, there is no evidence to support this. Threat actors utilize Telegram to share information about their victims, disclosing two victims thus far.

“This ransomware uses ChaCha20 encryption algorithm for its encrypting files. ChaCha20 is a symmetric stream cipher and is highly adopted by ransomware groups because of its fast encryption process. After encrypting the files, it renames them by appending .PUTIN as an extension, as shown below,” the research explains.

Their ransom notes typically come as README.txt in each folder and include Telegram links, the victim’s ID, and further instructions for decrypting the files.

In turn, ScareCrow ransomware operates quite similarly: based on Conti ransomware, it encrypts the files and appends .CROW as an extension. Their ransom notes contain three Telegram handles for victims to reach out to the criminals.

BlueSky ransomware took the stage in the second half of 2022 and has many overlaps with Conti and Babuk ransomware (which source code was leaked in 2021), according to CRIL. Their extension to encrypted files reads as .BLUESKY. The group uses an onion site to further discuss the hack with victims.

Meow ransomware is rather novel in comparison to the other ones. Their extension says .MEOW, while their ransom notes contain four email addresses and two Telegram handles for victims to contact the cybercriminals.

The researchers recommend conducting regular backup practices, having an automatic software update feature in place, and avoiding any untrusted links.


More from Cybernews:

Big Tech struggles in 2022: stormy seas, different boats

LastPass tells world more about recent breach, researchers frustrated

Breaking Bad aficionado scammed $130k out of novice crooks

Meta will pay $725m to settle Cambridge Analytica case

Killnet targeted US healthcare sector organization

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked