Ukraine blames Belarus for PC-wiping 'ransomware' that has no recovery method and nukes target boxen
2022-01-17 16:24

After last week's website defacements, Ukraine is now being targeted by boot record-wiping malware that looks like ransomware but with one crucial difference: there's no recovery method.

The malware itself wipes the target Windows system's master boot record, rendering it inoperable, and its main executable is often named stage1.

The malware comes after a high-profile website defacement on Friday 14 January that affected a number of Ukrainian government sites.

An unpatched 6.4-rated CVE in October CMS, the government's preferred website content management system, was what let the attackers in.

He told Reuters it was threat group UNC1151, aka info ops group Ghostwriter, saying: "This is a cyber-espionage group affiliated with the special services of the Republic of Belarus. The malicious software used to encrypt some government servers is very similar in its characteristics to that used by the ATP-29 group".

If Belarus, which recently tightened its political ties with Russia, is carrying out cyber attacks directed by Russia and using Russian tools, this adds another dimension to the simmering conflict in Ukraine.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/01/17/ukraine_pc_wiping_malware_belarus_accusations/