Whilst the world watched the 24 hr mutiny by the Wagner group involved in the Russian war with Ukraine, another attack was taking place in cyber space.
A strain of malware created by the Chaos ransomware builder has been seen on a number of devices in Russia with a message supporting the Wagner mutiny.
A detailed breakdown of the ransomware and its methods of operation has been published by cyber security research company Cyble.
Official Wagner PMCs Employment Virus
Once the ransomware has finished its process of encrypting a victim system, a message is displayed which is an attempt to rally support for the Wagner mutiny by rising up against Shoigu.
Sergei Shoigu is the Minister of Defence of the Russian Federation who Yevgeny Prigozhin (The leader of the Wagner group) blames for the lack of support, and thus the death of many of his mercenaries.
No ransom demand
The ransomware attack does not request any form of monetary recompense for file recovery – indeed, there is no chance of recovery – the malware is simply designed to delete and encrypt a victims data. The idea behind the attack is to anger the victim in an attempt to force blame onto Shoigu and thus further support for Prigozhin and the Wagner group.
Malware sample
Samples of the malware have been uploaded to Virus total which shows that 56 out of 71 AV systems detect the file (wagner.exe) as malicious.
