Cyberattacks in Ukraine: A Breaking Moment In Ransomware Business

Many websites of Ukrainian government agencies were affected by the cyberattack that occurred earlier this month.
Destructive malware targeted the websites of Ukraine’s ministry of foreign affairs, security and defense council, ministry of education, several governmental agencies, and a related IT firm while the country faces the biggest threat of Russian military invasion and stands at the edge of war.
The cyberattack began with hackers demanding a $10,000 bitcoin ransom.
Although the perpetrators are not yet known, Ukrainian authorities are conducting an investigation. The country has, however, suffered numerous cyberwarfare attacks originating in Russia.
“This is because of your past, present and future”
The attacks on Ukraine’s state websites were accompanied by strongly worded messages on their title pages. The messages stated that the information had been leaked and that it would be deleted from all computers for political reasons.
“Ukrainian! All data on your computer were transferred to the public network. All your computer’s data are deleted and cannot be restored. You are now public information. Be afraid, and don’t be surprised if things get worse. Your past, present, as well as future are all responsible for this. Volyn [Ukrainian city – DailyCoin], OUN UPA [Ukrainian Rebel Army – DailyCoin], Galicia, Polissya, and historical lands.” – declared the anonymous hackers.
The message addressed every Ukrainian person and was available in Polish, Russian and Polish languages. Above the text it also depicted a crossed-out Ukrainian flag, coat of arms, a silhouette of Ukrainian territory and a pig’s head.
However, a senior official of Ukraine’s cybersecurity agency, Viktor Zora, revealed that the first attacks started a day before the message appeared on the websites of government institutions.
He claims that the first bitcoin ransom demanded from website administrators was $10,000. After rebooting, administrators discovered that the hard drives of their computer systems had been irreparably destroyed.
Complex attack
Later, it was revealed that the hackers had destroyed a number of external information resources in a coordinated attack.
According to the Ukrainian cyber police, the attackers employed three types of attack techniques: supply chain attacks, exploitation of the OctoberCMS content management system, and the vulnerability in Log4j, a Java-based logging utility. A DDoS attack on the affected institutions occurred just a day earlier.
Investigators claim that “short deadlines for the attack indicate the coordination of hackers’ actions and their number”.
While the majority of the hacked government websites were back up and running within a matter of days, no one has been able to identify those behind the fake bitcoin ransom messages or the data-wiping attacks.
Are you still suffering from Sandworm?
The attacks on the Ukrainian state institutions have some similarities to cyberwar activities against Ukraine in 2015.
The country’s government agencies, treasury, railway system, media companies and even the national power grid were hit by the malware attacks. It was one of the most successful and publicly known cyberattacks against such a target.
The acts of cyberwar in 2015 happened during the Russian military intervention in Ukraine’s territory. They were also connected to Sandworm, a Russian cyberwar unit of the GRU, the Russian organization responsible for military intelligence.
Although the malware looks like ransomware, it does not have a ransom recovery method. This means that the malware “is designed to render targeted devices inoperable rather than to obtain a ransom”, states a blog post from the Microsoft Threat Intelligence Centre.
Ransomware has a new dimension
Security experts raised eyebrows when hackers attacked the Ukrainian institutions. Experts say that although attackers mimicked ransom demands, the real goal was data destruction and data theft.
The malware is designed to look like ransomware but lacks a ransom recovery mechanism. This means that the malware “is designed to render targeted devices inoperable rather than to obtain a ransom”, the Microsoft Threat Intelligence Centre writes in its blog post.
According to cybersecurity experts, such usage of malware might “mark the beginning of a new dimension of the ransomware threat”.
Ransom payments to recover stolen data are becoming less common worldwide. Cybercriminals are now looking for new ways to get ransoms from companies that refuse to cooperate.
Why you should care
Ukraine, Europe’s second-largest nation by land area, is in danger of being invaded by the Russian Federation. The Russian Federation has mobilized an incredible 100,000 troops and missiles to the Ukrainian border. The Kremlin views the sovereign state as part of Russia and has vowed to impede its ties with the West. NATO member states are sending hardware to Ukraine to counter the Russian military threat. Europe’s military tension is at its highest level since World War II.
