Four new ransomware families found, based on leaked Conti source code

Cyble Research and Intelligence Labs (CRIL) discovered the new ransomware families Putin Team, ScareCrow, BlueSky, and Meow, which are based on the source code of the Conti ransomware that leaked online this year.

  • Putin Team uses the ChaCha20 encryption algorithm, which is widely used by ransomware groups because of its fast encryption. After encrypting files, it appends the extension “.Putin” to them. Ransom notes are usually placed in a “Readme.txt” file in each folder and contain Telegram links, a victim identifier and further instructions for decrypting the files. The Putin Team group claims Russian origin, but there is no evidence of this. The attackers use Telegram to name their victims; so far they have listed two.
  • ScareCrow works similarly: it encrypts files and appends “.Crow” as the extension. Its ransom notes contain three Telegram contacts through which the victim can reach the criminals.
  • BlueSky began operating in the second half of 2022 and largely overlaps with the Conti and Babuk ransomware. The extension for encrypted files is “.bluesky”. The group uses an onion (Tor) site for further negotiations with victims.
  • Meow is the newest of the four. It appends the extension “.Meow” to encrypted files, and its ransom notes contain four email addresses and two Telegram contacts for communicating with the attackers.

Researchers recommend keeping regular backups, enabling automatic software updates and avoiding any untrusted links.

/Media reports cited above.