NB65, or Network Battalion 65, is a self-proclaimed cybergroup from Ukraine that made its motivations known on Twitter when it pledged support for Ukraine after Russia invaded in February 2022. At first, it was believed that the group was destroying systems and defacing the websites of Russian organizations after making several posts showcasing their attacks. It wasn't until a ransomware researcher named Amigo-A submitted the official NB65 ransomware to his digest that we learned that NB65 wasn't just a cybergroup attacking Ukraine but also utilizing ransomware to do so. Based on the victims posted to their Twitter page (@xxNB65), the group has at least 20 victims, all within Russia.
For the ransomware itself, the WatchGuard Threat Lab was able to find two samples. One was explicitly targeted at the organization it attacked based on the ransom note it dropped. The other was a general ransom note with no known target in the ransom note. You can see both of those below. The ransomware is a modified version of the second iteration of Conti (Conti v2), which ironically was created by Russian threat actors and was leaked by a Ukrainian hacker, possibly from NB65. NB65 changed the code so the decryptor wouldn't work on it, resulting in an alleged 66% code similarity based on Intezer analysis. Even though the code is altered, the encryption type is the same - ChaCha20 with an RSA-4096 encryption key for each file.
The group gives victims seven days to send funds, or they won't decrypt files. However, the group claims that they aren't seeking ransoms, and if they were to receive one, it would be donated to Ukraine. As such, we would consider the actions of NB65 as those of hacktivists. The group was active from late February 2022 to early August 2022. After this, several variants of NB65 began to pop up, such as MEOW! and PUTIN, among others.
Known Victims(20)
Industry Sector | Pays | Extortion Date | Amount (USD) |
---|---|---|---|
Education | Russia | ||
Telecommunications | Russia | ||
Energy | Russia | ||
Aerospace & Aviation | Russia | ||
Education | Russia | ||
Construction & Architecture | Russia | ||
Information Technology | Russia | ||
Information Technology | Russia | ||
Construction & Architecture | Russia | ||
Information Technology | Russia | ||
Media & Marketing | Russia | ||
Professional Services | Russia | ||
Construction & Architecture | Russia | ||
Hospitality | Russia | ||
Banking & Finance | Russia | ||
Information Technology | Russia | ||
Banking & Finance | Russia | ||
Information Technology | Russia | ||
Telecommunications | Russia | ||
Manufacturing | Russia |