The MEOW! (meow, MeowCorp, MeowCorp2022) ransomware is a derivative of the NB65 ransomware, and since NB65 is an altered Conti v2 variant, MEOW! inherits the Conti v2 design. The Conti v2 source code was leaked by an alleged Ukrainian hacker after the Conti group publicly expressed support for Russia during the Russia-Ukraine war. The Conti v2 ransomware used a combination of ChaCha20 and RSA-4096 to encrypt files. ChaCha20, a stream cipher, is used to encrypt the files because it is significantly faster than an asymmetric encryption algorithm like RSA-4096, which is used to encrypt the ChaCha20 key. The MEOW! ransomware shares all of these characteristics. In tandem with the encryption event, the MEOW! ransomware drops a ransom note named "readme.txt" and provides at least seven known methods of communication for extortion negotiations: four email addresses and three Telegram accounts. Security researcher Amigo-A followed the actions of the threat actor(s) distributing MEOW! and other similar variants of NB65, dubbing them the Anti-Russian Extortion Group. This is shown in the Threat Actors field below.
Ransomware - MEOW!
MEOW!
Aliases
Meow
MeowCorp
MeowCorp2022
Decryptor Available
Yes
Description
Ransomware Type
Crypto-Ransomware
First Seen
Last Seen
Lineage
Threat Actors
Type
Actor
Cybergroup
Anti-Russian Extortion Group
Extortion Types
Direct Extortion
Medium
Identifier
Email
Email
Email
Email
Telegram
@meowcorp2022
Telegram
@meowcorp123
Telegram
@meowcorp321
Encryption
Type
Hybrid
Files
ChaCha20
Key
RSA-4096
File Extension
<file name>.MEOW
Ransom Note Name
readme.txt
Ransom Note Image
Samples (SHA-256)
222e2b91f5becea8c7c05883e4a58796a1f68628fbb0852b533fed08d8e9b853
Decryptors
References & Publications
BleepingComputer Forums: Meow Ransomware (.MEOW) Support Topic - Ransomware Help & Tech Support
Kaspersky Club Forum [RU]: server hacked and encrypted .MEOW files!
The Crypto-Ransomware Digest: Meow