Security News

Russia is positioned for a hot-war attack on Ukraine that the Biden administration warned could come "At any point" - but the country is already suffering an attack of a different kind. The perpetrators are taking pains to make the attacks look like a ransomware attack, even providing a ransom note.

The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. "The attack used vulnerabilities in the site's content management systems and Log4j, as well as compromised accounts of employees of the development company," the SSU said, corroborating prior disclosure from the Ukraine CERT team.

After last week's website defacements, Ukraine is now being targeted by boot record-wiping malware that looks like ransomware but with one crucial difference: there's no recovery method. The malware itself wipes the target Windows system's master boot record, rendering it inoperable, and its main executable is "Often" named stage1.

In the wake of last week's attention-grabbing defacements of many Ukrainian government websites, Microsoft researchers have revealed evidence of a malware operation targeting multiple organizations in Ukraine, deploying what seems to be ransomware but is actually Master Boot Records wiper malware. Late on Saturday, Microsoft shared information and IOCs related to a malware campaing targeting Ukrainian organizations.

Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine. Starting January 13th, Microsoft detected the new attacks that combined a destructive MBRLocker with a data-corrupting malware used to destroy the victim's data intentionally.

Ukrainian police authorities have nabbed five members of a gang that's believed to have helped orchestrate attacks against more than 50 companies across Europe and the U.S and caused losses to the tune of more than $1 million. The Cyber Police of the National Police of Ukraine said the group offered a "Hacker service" that enabled financially motivated crime syndicates to send phishing emails containing file-encrypted malware to lock confidential data pertaining to its victims, demanding that the targets pay cryptocurrency ransoms in return for restoring access to the files.

A "Massive" cyber attack on Ukraine caught the world's eye this morning as the country's foreign ministry said its website, among others, had been taken down by unidentified hackers. Ukraine itself held off on attribution, with a foreign ministry spokesman telling the Reuters newswire it was too early to say who was responsible - but adding Russia has done similar things in the past.

Both Russia and Ukraine are preparing for military operations in cyberspace.

Europol, the European Union's premier law enforcement agency, has announced the arrest of a third Romanian national for his role as a ransomware affiliate suspected of hacking high-profile organizations and companies and stealing large volumes of sensitive data. It's not currently known which ransomware gang the suspect was working with, but the development comes a little over a month after Romanian authorities arrested two affiliates of the REvil ransomware family, who are believed to have orchestrated no fewer than 5,000 ransomware attacks and extorted close to $600,000 from victims.

Ukrainian law enforcement arrested 51 suspects believed to have been selling stolen personal data on hacking forums belonging to hundreds of millions worldwide, including Ukraine, the US, and Europe. "As a result of the operation, about 100 databases of personal data relevant for 2020-2021 were seized," the Cyberpolice Department of the National Police of Ukraine said.