Ransomware used as decoy in data-wiping attacks on Ukraine
The new data wiper malware deployed on Ukrainian networks in destructive attacks on Wednesday, right before Russia invaded Ukraine earlier today, was in some cases accompanied by a GoLang-based ransomware decoy.
"In several attacks Symantec has investigated to date, ransomware was also deployed against affected organizations at the same time as the wiper. As with the wiper, scheduled tasks were used to deploy the ransomware," Symantec revealed today.
"It appears likely that the ransomware was used as a decoy or distraction from the wiper attacks. This has some similarities to the earlier WhisperGate wiper attacks against Ukraine, where the wiper was disguised as ransomware."
As Microsoft disclosed in January, a destructive data-wiping malware dubbed WhisperGate and camouflaged as ransomware was used in attacks targeting Ukrainian organizations.
Yesterday's malware attacks coincided with DDoS attacks against Ukrainian government agencies and state-owned banks, similar to last week's DDoS disruptions that affected Ukrainian government sites and banks.
While the Wednesday attacks have not been attributed, the White House linked last week's DDoS attacks to Russia's Main Directorate of the General Staff of the Armed Forces.