Little is known about Somnia beyond what the Computer Emergency Response Team of Ukraine (CERT-UA) has divulged. According to their report, the ransomware targeted Ukrainian entities, was meant for destructive purposes (acting as a wiper), and was created by From Russia with Love (FRwL), also known as Z-Team. The report included minor technical information, such as the file extension (.somnia) and the encryption types: 3DES and AES-256-CBC. We also noted three sample hashes, but no actual samples to analyze. Aside from the payload itself, the FRwL group created a trojanized version of Advanced IP Scanner with Vidar Stealer and stole Telegram credentials from victims who downloaded and ran the trojan. From there, the group gained access to corporate networks and used common tools to pivot within the network and exfiltrate data before deploying the final Somnia payload.