Destructive hacking attack on Ukraine echoes its last cyber war


For weeks, the cybersecurity world has been bracing for a devastating hack that could accompany or herald a Russian invasion of Ukraine. Now the first wave of those attacks appears to have arrived. Though small so far, the techniques used by the campaign hint at a repeat of the massively destructive cyberwarfare Russia has used to cripple the Ukrainian government and critical infrastructure over the past several years.

Data-destroying malware disguised as ransomware has hit computers at Ukrainian government agencies and related organizations, security researchers at Microsoft said Saturday night. Victims include an IT company that manages a series of websites, including the ones defaced with anti-Ukrainian messages early Friday. Microsoft also warns that the number of victims may still grow as the wiper malware is discovered on more networks.

Viktor Zhora, a senior official at Ukraine’s cybersecurity agency, the State Service for Special Communications and Information Protection (SSSCIP), said he first started hearing about the ransomware on Friday. Administrators found that PCs were locked and displayed a message demanding $10,000 in Bitcoin, but when the administrators restarted them, the machines’ hard drives were irreversibly damaged. SSSCIP found the malware on only a handful of machines, he said, but Microsoft also warned Ukrainians that it had evidence the malware had infected dozens of systems. As of Sunday morning ET, there appeared to be an attempt to pay the ransom in full.

“We’re trying to see if this is related to a larger attack,” Zhora said. “This could be the first stage, part of something more serious that could happen in the near future. That’s why we’re very concerned.”

Microsoft warns that when a PC infected with the fake ransomware restarts, the malware overwrites the computer’s Master Boot Record, or MBR, the data at the start of the hard drive that tells the computer how to load its operating system. It then runs a file-corruption program that overwrites a long list of file types in certain directories. Microsoft’s blog post notes that these destructive techniques are unusual for ransomware because they cannot easily be reversed even if the victim pays. Neither the malware nor the ransom message appeared to be tailored to individual victims in the campaign, suggesting the hackers had no intention of tracking victims or unlocking the machines of anyone who paid.
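Because the destructive step described above is an overwrite of sector 0, defenders can detect it with a simple integrity baseline of the MBR. The following is an added example written for this page from a detection standpoint; it is not code from Microsoft, the SSSCIP, or the malware itself. The disk image it inspects is a constructed 512-byte sample, and the function and field names are the example's own assumptions; on a real system the same check would read the first 512 bytes of the block device (which requires administrative privileges) and compare them against a hash recorded when the machine was known to be clean.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # four 16-byte entries live here
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR
ENTRY_FORMAT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample MBR (not taken from any real system): dummy bootstrap
    code, one bootable NTFS-type partition, three empty entries, 0x55AA."""
    bootstrap = b"\xfa\x33\xc0" + b"\x90" * (PARTITION_TABLE_OFFSET - 3)
    entry = struct.pack(ENTRY_FORMAT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    mbr = bootstrap + table + BOOT_SIGNATURE
    assert len(mbr) == SECTOR_SIZE
    return mbr


def build_wiped_mbr() -> bytes:
    """Constructed stand-in for an overwritten sector 0: the original bytes are
    replaced with repeated text, so neither the partition table nor the boot
    signature survives."""
    return (b"constructed placeholder for an overwritten boot sector " * 20)[:SECTOR_SIZE]


def read_sector0(device_path: str) -> bytes:
    """Read the first 512 bytes of a block device or raw image file."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR_SIZE)


def mbr_fingerprint(sector0: bytes) -> str:
    """SHA-256 of sector 0; record this while the machine is known-good."""
    return hashlib.sha256(sector0[:SECTOR_SIZE]).hexdigest()


def parse_partition_table(sector0: bytes) -> list:
    """Return the non-empty partition entries as dicts."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _, ptype, _, lba, count = struct.unpack(
            ENTRY_FORMAT, sector0[off:off + PARTITION_ENTRY_SIZE])
        if ptype != 0:
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries


def check_mbr(sector0: bytes, baseline_hash: str) -> list:
    """Compare the current sector 0 against the recorded baseline and basic
    structural expectations. An empty list means nothing suspicious."""
    findings = []
    if len(sector0) < SECTOR_SIZE:
        return ["short read: fewer than 512 bytes"]
    sector0 = sector0[:SECTOR_SIZE]
    if sector0[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if mbr_fingerprint(sector0) != baseline_hash:
        findings.append("sector 0 differs from recorded baseline")
    if not parse_partition_table(sector0):
        findings.append("partition table is empty")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = mbr_fingerprint(clean)      # what you would store at enrolment time
    print("clean image:", check_mbr(clean, baseline) or "OK")
    print("wiped image:", check_mbr(build_wiped_mbr(), baseline))
```

The baseline hash is the decisive signal: a rewritten bootstrap region changes the hash even when the attacker leaves the signature and partition table intact, and the structural checks only add context for triage. Legitimate boot-loader updates also change sector 0, so the baseline has to be re-recorded after planned changes to avoid false alarms.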

The malware’s two destructive techniques, as well as its fake ransomware message, carry eerie echoes of the past: from 2015 to 2017, Russia conducted data-wiping cyberattacks on Ukrainian systems, sometimes with devastating consequences. In the attack waves of 2015 and 2016, a group of hackers known as Sandworm, later identified as a unit of Russia’s GRU military intelligence agency, used malware similar to the kind Microsoft has now identified to wipe hundreds of PCs at Ukrainian media outlets, power companies, railway systems and government agencies, including its finance ministry and pension fund.

These targeted breaches, many of which used similar fake ransomware messages to try to confuse investigators, culminated in the NotPetya worm, released by Sandworm in June 2017, which propagated automatically from machine to machine within a network. Like the current attack, NotPetya overwrote the master boot record as well as a list of file types, crippling hundreds of Ukrainian organizations, from banks to Kiev hospitals to the Chernobyl monitoring and cleanup operation. Within hours, NotPetya spread around the world, eventually causing a total of $10 billion in damage, the most costly cyberattack in history.

The new malware’s resemblance to those earlier attacks has alarmed the global cybersecurity community, which has warned of a data-destructive escalation given tensions in the region. For example, security firm Mandiant released a detailed guide on Friday aimed at hardening IT systems against potentially damaging attacks of the kind Russia has carried out in the past. “We have been specifically warning our customers that this attack appears to be ransomware,” said John Hultquist, head of threat intelligence at Mandiant.

Microsoft has been careful to point out that it has no evidence that any known hacking group is responsible for the new malware it has discovered. But Hultquist said he couldn’t help but notice the malware’s resemblance to the destructive wipers used by Sandworm. The GRU has long been engaged in sabotage in Russia’s so-called “near-neighbor” former Soviet states, and Sandworm’s destructive hacking has been especially intense at times of tension or open conflict between Ukraine and Russia. “In the context of this crisis, we expect the GRU to be the most aggressive player,” Hultquist said. “The problem is their cab.”
