FortiGuard Labs is aware of a report that a new ransomware strain named “RansomBoggs” was deployed to multiple unnamed organizations in Ukraine. The ransomware encrypts files on compromised machines and provides attacker’s contact information for victims to talk with the attacker for file recovery.Why is this Significant?This is significant because RansomBoggs is the latest ransomware that targets Ukrainian organizations. Based on the tactics, techniques, and procedures (TTPs) used in the attack, security vendor ESET attributed RansomBoggs to the Sandworm APT group who is believed to be associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation.What is RansomBoggs Ransomware?RansomBoggs ransomware encrypts files on compromised machines and adds a “.chsch” file extension to the affected files. It drops a ransom note requesting victims to get in touch with the attacker for file recovery.Currently, there is no indication that RansomBoggs ransomware has wiper functionality.What is the Status of Coverage?FortiGuard Labs provides the following AV signature for RansomBoggs ransomware:MSIL/Filecoder.A!tr.ransom
More Stories
USN-7415-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
Kubernetes Ingress-nginx Controller RCE
What is the Vulnerability?On March 24, researchers disclosed a set of five vulnerabilities, collectively known as "IngressNightmare,” affecting Ingress-nginx, one...
perl-Compress-Raw-Lzma-2.212-6.fc41 xz-5.8.1-1.fc41.1
FEDORA-2025-051becf4f2 Packages in this update: perl-Compress-Raw-Lzma-2.212-6.fc41 xz-5.8.1-1.fc41.1 Update description: xz 5.8.1 Read More
perl-Compress-Raw-Lzma-2.209-9.fc40 xz-5.8.1-1.1.fc40
FEDORA-2025-4871b31998 Packages in this update: perl-Compress-Raw-Lzma-2.209-9.fc40 xz-5.8.1-1.1.fc40 Update description: xz 5.8.1 Read More
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. ...
A Vulnerability in Ivanti Products Could Allow for Remote Code Execution
A Vulnerability has been discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways which could allow for remote code...