Cyberattacks on Ukraine: a Breaking Point In Ransomware Business?
DailyCoin
Published Jan 26, 2022 09:50AM ET
Updated Jan 26, 2022 10:00AM ET
Cyberattacks on Ukraine: a Breaking Point In Ransomware Business?
Numerous Ukrainian governmental websites went down due to the massive cyberattack earlier this month.
Destructive malware targeted the websites of Ukraine’s ministry of foreign affairs, security and defense council, ministry of education, several governmental agencies, and a related IT firm while the country faces the biggest threat of Russian military invasion and stands at the edge of war.
The series of cyber attacks started with a $10,000 ransom demand in bitcoin, which later became irrelevant for the hackers.
Ukrainian authorities are running an investigation, although perpetrators have not been identified yet. The country, however, has been under numerous cyberwars assaults originating from Russia in the past.
“This is because of your past, present and future”
The attacks hit the Ukrainian state websites with dramatic messages on their title pages stating that all their data were leaked and wiped out from computers due to political reasons.
“Ukrainian! All your data were uploaded into a pblic network. All data on computer is deleted without a possibility to restore. All information about you became public; be afraid and hope for the worse. This is because of your past, present, and future. Because of Volyn [Ukrainian city - DailyCoin], OUN UPA [Ukrainian Rebel Army - DailyCoin], Galicia, Polissya, and historical lands.” - declared the anonymous hackers. The statement addressed each and every Ukrainian and came in three languages including Polish and Russian. It also depicted a cross-out Ukrainian flag, coat of arms, silhouette of Ukrainian territory and pig’s head above the text.
However, the senior official of Ukraine’s cybersecurity agency, Viktor Zora, revealed the first attacks started a day before such a message was shared on governmental institution websites.
According to him, the website admins first faced the $10,000 in bitcoin ransom demand for accessing their data. Yet the administrators found irreparably damaged computer hard drives after rebooting.
Complex attack
As later stated the Ukrainian cyberpolice, numbers of external information resources were manually destroyed by hackers during a coordinated and complex attack.
Ukrainian cyber police revealed that perpetrators used three attack vectors, including supply chain attack, exploitation of content management system OctoberCMS and vulnerabilities of Log4j, a Java-based logging utility. A day before that, affected institutions were hit by DDOS attacks.
Investigators claim that “short deadlines for the attack indicate the coordination of hackers’ actions and their number”.
Although the absolute majority of the hacked governmental websites have resumed their work in a few days, the initiators of fake bitcoin ransom message and data-wiping attacks have not been identified.
Get The News You Want
Sandworm again?
The recent attacks on Ukrainian state institutions, however, have similarities with the cyberwar actions against Ukraine right before Christmas in 2015.
The country’s government agencies, treasury, railway system, media companies and even national power grid were hit by the malware attacks. The attack over the power grid led to outages for nearly a quarter of a million citizens and was one of the first publicly known successful cyberattacks on such an object.
The acts of cyberwar back in 2015 happened during the Russian military intervention into Ukraine’s territory. They were also related to Sandworm, a Russian cyberwar unit of the GRU, the organization in charge of Russian military intelligence.
The malware is designed to look like ransomware but lacks a ransom recovery mechanism. This means that the malware “is designed to render targeted devices inoperable rather than to obtain a ransom” states a blog from the Microsoft (NASDAQ:MSFT) Threat Intelligence Centre.
New dimension of ransomware threat
The cyberattacks on the Ukrainian institutions raised some eyebrows among the cybersecurity community. Although attackers imitated the ransom intentions, their real target was data and data destruction, experts say.
“The malware is designed to look like ransomware but lacks a ransom recovery mechanism. This means that the malware “is designed to render targeted devices inoperable rather than to obtain a ransom” the Microsoft Threat Intelligence Centre writes in its blog post.
According to cybersecurity experts, such usage of malware might “mark the beginning of a new dimension of the ransomware threat”.
Less and less companies worldwide agree to pay ransoms to redeem stolen data. This leads cybercriminal groups into finding new tactics like in-advance data destruction for those who refuse to pay and cooperate.
Why You Should Care
Ukraine, the second-largest country by area in Europe, is at the edge of war with the Russian Federation, which mobilized a massive 100,000 troops and missiles on the Ukrainian border. Kremlin sees the sovereign country as a part of Russia and is against its strengthening ties with the democratic West. NATO member countries are sending military hardware to support Ukraine in response to the Russian military threat. The military tension in Europe is the biggest since World War II.
EMAIL NEWSLETTER
Join to get the flipside of crypto
Upgrade your inbox and get our DailyCoin editors’ picks 1x a week delivered straight to your inbox.
[contact-form-7] You can always unsubscribe with just 1 click.
Continue reading on DailyCoin
Written By: DailyCoin
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.