The US Embassy in Montenegro has warned Americans that an ongoing ransomware attack in the country could cause widespread disruption to key public services and government departments.
The ransomware attack, first confirmed last week by Montenegro’s Agency for National Security (ANB), targeted government systems and other critical infrastructure and utilities, including electricity, water systems and transportation. At the time of writing, the official website of the government of Montenegro is down and reports suggest that several power plants have switched to manual operations as a result of the attack.
Officials in Montenegro claimed that no data was stolen and that the attack caused no permanent damage.
However, Montenegro’s ANB stated that the country was “in a hybrid war” and blamed “coordinated Russian services” for the attack. Relations between the two countries have remained tense since Montenegro joined the NATO alliance of western nations in 2017, after which Russia threatened retaliation.
The U.S. embassy in Montenegro has since released its own statement saying the government was dealing with a “sustained and ongoing” cyber attack. “The attack could involve disruptions to public utilities, transportation (including border crossings and airports) and telecommunications,” the embassy warned. It advised citizens living in the Balkan state to limit travel, review personal security plans and “be mindful of your surroundings”.
Montenegro has a big problem. Key State systems (Ministry of Finance, Critical Infrastructure) have been hacked. Ransomware. Presumably Russia. In an important precedent, the US embassy has issued an official warning… This has never been done before. https://t.co/agPjiKleRI pic.twitter.com/EqZYEURprS
— Lukasz Olejnik (@lukOlejnik) August 30, 2022
According to malware research group VX-Underground, the Cuba ransomware group has claimed responsibility for the attack.
On its dark web leak site, seen by TechCrunch, the Cuba ransomware group claims it obtained “financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation [and] source code” from the Parliament of Montenegro on August 19.
Montenegro has been without a prime minister since August 20, when the country’s parliament passed a vote of no confidence in the ruling government.
Cybersecurity firm Profero previously linked the Cuba ransomware group to Russian-speaking hackers, a link researchers observed while the group negotiated with its victims. Profero said it believes the group is “not sponsored by the state”.
The ransomware has been around since 2019, and last year the FBI issued a warning to organizations that the cybercriminals were targeting critical infrastructure. The FBI said it observed about 50 targeted entities and that hackers demanded tens of millions of dollars from victims.
The attack on Montenegro comes just months after the Russian-affiliated Conti ransomware group hit the Costa Rican government with a week-long attack that began in April. In a post on its dark web leak blog, Conti urged the citizens of Costa Rica to pressure their government into paying the ransom, which the group later doubled to $20 million.
This post, “US issues rare security warning as Montenegro fights ongoing ransomware attack – TechCrunch”, was originally published at https://techcrunch.com/2022/08/31/montenegro-ransomware-attack-embassy-warning/