The Ukrainian CERT (CERT-UA) has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, the attackers are leveraging a specific version of the Somnia ransomware that, “according to the attackers’ theoretical plan, does not provide for the possibility of data decryption.”
How the attacks unfolded
The Ukrainian cyber experts believe that the attack was carried out by Russian hacktivists who go by FRwL (From Russia with Love), with help from an initial access broker (IAB).