Security News
The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation warned US organizations that data wiping attacks targeting Ukraine could spill over to targets from other countries. Although the two malware strains have only been deployed against Ukrainian networks so far, the threat actors deploying them could also accidentally hit other targets, and US organizations should be ready to prevent such devastating attacks.
The new data wiper malware deployed on Ukrainian networks in destructive attacks on Wednesday right before Russia invaded Ukraine earlier today was, in some cases, accompanied by a GoLang-based ransomware decoy. "In several attacks Symantec has investigated to date, ransomware was also deployed against affected organizations at the same time as the wiper. As with the wiper, scheduled tasks were used to deploy the ransomware," Symantec revealed today.
Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine. A data wiper is malware that intentionally destroys data on a device to make the data unrecoverable and for the operating system to no longer work correctly.
The Cybersecurity and Infrastructure Security Agency urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses.CISA is now urging business leaders and U.S. organizations to take the following steps to prevent similar destructive attacks on their networks.
Ukraine blames Belarus for PC-wiping 'ransomware' that has no recovery method and nukes target boxen
After last week's website defacements, Ukraine is now being targeted by boot record-wiping malware that looks like ransomware but with one crucial difference: there's no recovery method. The malware itself wipes the target Windows system's master boot record, rendering it inoperable, and its main executable is "Often" named stage1.
Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine. Starting January 13th, Microsoft detected the new attacks that combined a destructive MBRLocker with a data-corrupting malware used to destroy the victim's data intentionally.