Security News > 2022 > February > Ransomware used as decoy in data-wiping attacks on Ukraine
The new data wiper malware deployed on Ukrainian networks in destructive attacks on Wednesday right before Russia invaded Ukraine earlier today was, in some cases, accompanied by a GoLang-based ransomware decoy.
"In several attacks Symantec has investigated to date, ransomware was also deployed against affected organizations at the same time as the wiper. As with the wiper, scheduled tasks were used to deploy the ransomware," Symantec revealed today.
"It appears likely that the ransomware was used as a decoy or distraction from the wiper attacks. This has some similarities to the earlier WhisperGate wiper attacks against Ukraine, where the wiper was disguised as ransomware."
As Microsoft disclosed in January, a destructive data-wiping malware dubbed WhisperGate and camouflaged as ransomware was used in attacks targeting Ukrainian organizations.
Yesterday's malware attacks came together with DDoS attacks against Ukrainian government agencies and state-owned banks, similar to the one used last week when similar DDoS disruptions affected Ukrainian government sites and banks.
While the Wednesday attacks have not been attributed, the White House linked last week's DDoS attacks to Russia's Main Directorate of the General Staff of the Armed Forces.
News URL
Related news
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Port of Seattle hit by Rhysida ransomware in August attack (source)
- AutoCanada says ransomware attack "may" impact employee data (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)