Russian ransomware group claims attack on Bulgarian refugee agency

Written by
May 4, 2022 | CYBERSCOOP

A ransomware group believed to have strong ties within Russia said Wednesday that it will release files it took from the Bulgarian government agency responsible for refugee management, a nation that has reportedly hosted hundreds of thousands of fleeing Ukrainians.

LockBit 2.0 posted a notice to the dark web portal it uses to identify and extort its victims saying it had files from the Bulgarian State Agency for Refugees under the Council of Ministers. “All available data will be published!” the notice read under the group’s trademark bright red countdown clock, which has a May 9 publication date but no specific posted ransom demand.

The agency didn’t immediately return an emailed request for comment. A spokesperson at the Bulgarian embassy in Washington, D.C., told CyberScoop Wednesday he didn’t have information on the incident and would look into it.

The agency’s website remains functional, but a notice on the site’s home page includes a notice that “due to network problems, the e-addresses of the State Agency for Refugees at the Council of Ministers are temporarily unavailable!!!” according to a Google translation.

Nearly 5.7 million Ukrainian refugees have fled their country since

Read More: