For weeks, the cybersecurity world has braced for destructive hacking that could accompany or foreshadow a Russian invasion of Ukraine. Now, the first wave of those attacks seems to have arrived. Though so far on a small scale, the campaign uses methods that signal a rerun of Russia's massively disruptive cyberwar campaign, which paralyzed the Ukrainian government and critical infrastructure years ago.
Destructive malware, posing as ransomware, has hit computers inside Ukrainian government agencies and affiliated organizations, security analysts at Microsoft said Saturday night. The victims include an IT company that manages a set of websites, the same ones that were defaced with an anti-Ukrainian message early Friday. But Microsoft also warned that the number of victims may continue to grow as the wiper malware is found on more networks.
Viktor Zhora, head of the Ukrainian cybersecurity agency, known as the State Services for Special Communication and Information Protection, or SSSCIP, said he first heard about the ransom messages on Friday. Administrators found PCs locked and displaying a message demanding $10,000 in bitcoin, but the machines were permanently damaged when an administrator restarted them. He said the SSSCIP had detected the malware on a number of machines, and that Microsoft had warned the Ukrainians it had evidence that the malware had infected a number of systems. As of Sunday morning ET, someone seems to have tried to pay the ransom in full.
“We are trying to determine if this is related to a major attack,” Zhora said. “This could be the first phase, part of the big things that could happen soon. That’s why we’re so worried.”
Microsoft warns that when a PC infected with the fake ransomware is rebooted, the malware overwrites the computer's master boot record, or MBR, the information on the hard drive that tells the computer how to load its operating system. It then runs a file-corruption program that overwrites a long list of file types in certain directories. These destructive methods are unusual for ransomware, Microsoft's blog post notes, because they cannot be easily reversed if the victim pays the ransom. Neither the malware nor the ransom message appears to be customized for each victim in the campaign, suggesting the hackers had no intention of tracking victims or unlocking the machines of those who pay.
The malware's destructive techniques, as well as its fake ransomware message, are eerie reminders of the data-wiping attacks Russia carried out against Ukrainian systems from 2015 to 2017, sometimes with devastating consequences. In the 2015 and 2016 waves of those attacks, a group of hackers known as Sandworm, later identified as part of Russia's GRU military intelligence agency, used malware similar to what Microsoft has now identified to wipe hundreds of PCs within Ukrainian media, electric utilities, railways, and government agencies, including financial and pension funds.
Those targeted attacks, many of which used fake ransomware messages to confuse investigators, culminated in Sandworm's release of the NotPetya worm in June 2017, which spread by itself from machine to machine within networks. Like the current attack, NotPetya overwrote master boot records along with a list of file types, crippling hundreds of Ukrainian organizations, from banks to hospitals in Kyiv to the Chernobyl monitoring and cleanup operation. Within just a few hours, NotPetya spread all over the world, and it eventually cost $10 billion in damage.
The appearance of malware that closely resembles those past attacks has raised alarms in the global security community, which had already warned of escalating data-destroying attacks due to the crisis in the region. The security company Mandiant, for example, released a detailed report on Friday on hardening IT systems against threats of the kind Russia has posed in the past. “We have been warning our customers of the seemingly imminent destruction,” said John Hultquist, Mandiant’s leading intelligence expert.
Microsoft has been careful to state that it has no evidence tying any known group to the malware it identified. But Hultquist says he cannot help but recognize the similarities between this malware and the malware that Sandworm has used. The GRU has a long history of sabotage and disruption in Russia's so-called “near abroad,” the countries of the former Soviet Union. And Sandworm in particular has a reputation for increasingly aggressive hacking during times of crisis or conflict between Ukraine and Russia. “At this juncture, we expect the GRU to be extremely aggressive,” Hultquist said. “The problem is with their wheel.”