One of the most infamous Russian hacking groups, Sandworm, was behind a disruptive ransomware campaign in Ukraine and Poland that began in late September.
The report, which was published by the SANS reading room and authored by a team of security professionals at Palo Alto Networks, notes that "a subset of the attacks have involved an unknown payload."
We recommend that those affected by this ransomware campaign install any available security updates from their respective vendors as soon as possible. Those with the latest patches are less likely to be infected.
Additionally, we advise users to refrain from paying any ransom demanded for unlocking encrypted files. Criminals will never release keys for decrypting files without receiving payments in advance.
Sandworm actors appear to have been responding to "the perceived failure of their own malware," according to Palo Alto Networks. They used a modified version of the Mimikatz tool and local exploits to gain access to each respective organization. According to security firms ESET and MalwareTech, hacking group Sandworm was behind a wave of attacks against Ukraine early last month that infected more than 100 computers across government departments and firms in Kiev.
Source: Russian Sandworm hackers deployed malware in Ukraine and Poland (msn.com)