As Ukraine prepares for cyberattack, officials warn of ransomware in disguise

As investigators in Ukraine continue to investigate a January cyberattack that disrupted government websites and wiped data from computer systems, government officials and cybersecurity experts are preparing for another incident.

According to Viktor Zora, deputy chief of Ukraine’s State Service of Special Communications and Information Protection, during last month’s attack 90 websites operated by 22 Ukrainian organizations were defaced, and malicious software disguised as ransomware destroyed dozens of computers in two government agencies. Such software, known as a “wiper” because it wipes data on the victim’s system, destroyed more than 12,000 computers in 2017 and disrupted government agencies and businesses.

Mr. Zora says he expects another attack. “This class of malware is rather popular and effective for attacking infrastructure,” he said.

Security experts say that since the 2017 attack, called NotPetya, wiper software in the form of ransomware has been used several times by government-backed hackers trying to cover their tracks and harm their opponents.

Cybersecurity firm CrowdStrike says it is likely to reappear in future computer attacks on Ukraine. And future attacks could affect Western companies, said Adam Meyers, the company’s senior vice president of intelligence. “We do not believe that the Russians will target the US or Western entities, but if things escalate and they use additional cyber capability in Ukraine, there could be spillovers,” he said.

Russia has denied any involvement in the cyber attack. The Russian embassy in Washington did not respond to a request for comment.

On 23 January, the US Department of Homeland Security warned that Russia would consider a catastrophic cyberattack on US networks if it viewed the response to the Russian invasion of Ukraine by the US or the North Atlantic Treaty Organization as a threat to its “long-term national security,” according to an intelligence brief that was sent to US infrastructure providers and government institutions and seen by The Wall Street Journal.

However, the agency said that Russia’s threshold for launching such an attack “probably remains very high and we have not seen Moscow employ these types of cyber attacks directly against critical US infrastructure.”

Spillover happened during the NotPetya attack of 2017. According to Microsoft Corp., while more than 70% of infected computers were in Ukraine, systems in more than 60 other countries were also affected.

The technique of disguising a wiper as ransomware is effective because the software looks on the surface as if it was created by criminals, giving the government that created it a way to deny involvement. But it’s not actually a criminal product, security officials say.

In other words, as with the NotPetya software, upon inspection it becomes clear that the software is designed to cause harm, not to make money, said Matthew Olney, director of threat intelligence and interdiction at Cisco Systems Inc.

“If you make it look like ransomware, you haven’t put any pressure on the other side, you’ve given them pain,” he said. “It’s a subtle technique.”

Russia is not the only country to adopt this strategy of disguising wiper software as ransomware. Over the past decade, Iranian hackers have been linked to a number of devastating cyber attacks, including a 2012 incident at Saudi Arabia’s national oil company. But around 2020, a state-linked group known in the cybersecurity industry as “Phosphorus” or “APT 35” took a page from the Russian playbook and began using ransomware to perpetrate devastating attacks, according to Lior Div, chief executive officer of cybersecurity firm Cybereason.

In research released Tuesday, Cybereason described how two Iranian hacking groups, Phosphorus and another called Moses Staff, are destroying computers in the US, Israel, Germany and other countries using ransomware. “You basically see Iranians following the same pattern,” Mr Div said.

This story has been published without modification to the text from a wire agency feed
