The NoName ransomware group, believed to have Russian ties, has launched a series of cyberattacks on several Finnish government organizations. As a result, multiple websites, including those of Traficom, the National Cyber Security Centre Finland (NCSC-FI), and others, experienced temporary inaccessibility due to Distributed Denial of Service (DDoS) attacks. The campaign also targeted entities such as the Central Chamber of Commerce, the Bank of Finland, and the Helsinki Region Chamber of Commerce. NoName, also known as NoName057(16), shared details of its attacks on a dark web portal, posting screenshots on social media, suggesting an attempt to disrupt daily activities in Finland.
The screenshots from the ransomware group’s leak portal contained messages indicating the ongoing cyberattacks, with one stating, “Finland continues to receive our New Year’s gifts (evil smile emoji).” The attacks specifically targeted government organizations related to road and rail transport, as well as cybersecurity. The screenshots, written in Russian, were shared on the X handle of a cybersecurity research organization. Additionally, a message directed to the Finnish government was posted on the dark web portal, stating, “While Russia is celebrating the New Year, in Finland it is the Day of Cowardly Closing by Geo after the attack NoName057(16) (evil smile emoji).”
The increase in DDoS attacks has been notable since the Russia-Ukraine war, with Russia targeting organizations in the EU and the US. NoName’s actions align with this trend, showcasing the geopolitical nature of cyber threats. The cyberattacks on Finnish government entities highlight the need for enhanced cybersecurity measures to protect against persistent threats from ransomware groups with geopolitical motivations.
