
A new piece of ransomware has been discovered following the cyberattack on the Albanian government. The Albanian government announced in mid-July that it was forced to shut down some public online services due to a cyberattack. Mandiant, a cybersecurity company, has investigated the incident, which led to the discovery of a new piece of ransomware. Mandiant researchers came across the ransomware after it had been uploaded from Albania to a public malware repository a few days after the cyberattack was launched. The ransomware has been named Roadsweep.

Securityweek.com reports that while the researchers could not confirm that the ransomware was indeed used in the attack, the malware encrypts files on compromised systems and then drops a ransom note suggesting that its target is the Albanian government.

The cybersecurity firm also spotted a website and Telegram channel named ‘HomeLand Justice’, which took credit for a ransomware operation aimed at the Albanian government. The site implied that it had been run by Albanian citizens unhappy with their government. However, this entity’s focus appeared to be an Iranian opposition organization designated as a terrorist group by the US Department of State.

Following a thorough investigation, the researchers were able to determine that the Roadsweep ransomware shared code with a backdoor named Chimneysweep that allows its operators to take screenshots, log keystrokes and steal files.

Moreover, it appears that a sample of a wiper malware that Mandiant has named Zeroclear was uploaded to a public malware repository from within the country. While the cybersecurity company was unable to confirm that this malware was used in the disruptive operation, Zeroclear was previously used by Iran-linked threat actors for disruptive activities in the Middle East.

Mandiant researchers also believe other NATO members could be targeted in similar operations.
