Ukraine hit with destructive malware attacks amidst turmoil
The U.S. government is sounding alarms after Microsoft reported a series of attacks targeting networks in Ukraine.
The Cybersecurity and Infrastructure Security Agency (CISA) passed on warnings from the software giant over multiple discoveries of a new family of “destructive malware” that seeks to erase data on targeted systems under the guise of being a ransomware attack.
CISA warned that, unlike a normal ransomware attack that offers victims the ability to retrieve their data after paying out, the attacks seen in Ukraine simply wipe the host regardless of payment status.
The malware, referred to as WhisperGate by Microsoft, targets the master boot record (MBR) of the target and renders the machine inoperable.
“According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the ransom note is a ruse because the malware actually destroys the MBR and the targeted files,” CISA said.
The malware, according to a Microsoft blog post Saturday, is only thinly veiled as a piece of ransomware. While claiming to ask for a ransom payment, the malware corrupts all files and the MBR without any possible path for recovery.
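For responders triaging a disk image, the MBR overwrite described above can be checked offline. The sketch below is an added example, not code from Microsoft, CISA or this article: it parses one 512-byte MBR sector and flags a missing boot signature, an empty or malformed partition table, and an unusual amount of readable text in the boot code area. All function names and both thresholds are assumptions chosen for illustration, and the two sample sectors are constructed, not taken from any real system.

```python
import struct

BOOT_CODE_LEN = 446           # bytes 0-445 hold bootstrap code; 4 x 16-byte partition entries follow
MIN_RUN, MAX_TEXT = 24, 120   # assumed thresholds: minimum run length counted, maximum total text tolerated

def text_bytes(buf, min_run=MIN_RUN):
    """Count bytes that sit in printable-ASCII runs of at least min_run bytes."""
    total = run = 0
    for b in bytes(buf) + b"\x00":          # trailing sentinel flushes the final run
        if 32 <= b < 127 or b in (10, 13):
            run += 1
        else:
            if run >= min_run:
                total += run
            run = 0
    return total

def inspect_mbr(sector):
    """Return a list of findings for one 512-byte MBR sector (empty list = nothing flagged)."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature missing")
    used = 0
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        status, ptype = sector[off], sector[off + 4]
        _start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype:                            # type 0 means the slot is unused
            used += 1
            if status not in (0x00, 0x80) or count == 0:
                findings.append(f"partition entry {i} malformed")
    if used == 0:
        findings.append("partition table empty")
    n = text_bytes(sector[:BOOT_CODE_LEN])
    if n > MAX_TEXT:
        findings.append(f"{n} bytes of readable text in boot code")
    return findings

def build_sector(boot_code, entry=b""):
    """Assemble a constructed test sector: boot code, one partition entry, signature."""
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed samples, not captured from any real system or malware.
ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1000000)
CLEAN = build_sector(b"\xfa\x33\xc0\x8e\xd0" * 40 + b"Missing operating system\x00", ENTRY)
NOTE = b"PLACEHOLDER RANSOM NOTE TEXT. " * 6   # 180 bytes of stand-in text
OVERWRITTEN = build_sector(b"\xeb\x10" + NOTE)
```

A finding is a prompt to compare the sector against a known-good baseline, not proof of tampering; GPT disks carry a protective MBR, so tune the checks to the fleet being examined.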
“At present and based on Microsoft visibility, our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues,” says Microsoft.
“These systems span multiple government, non-profit, and information technology organizations, all based in Ukraine.”
The attacks, which all targeted machines based in Ukraine, are likely not a coincidence. The country finds itself in crisis as Russia is threatening an invasion, and any strife between the two nations could include cyberattacks on critical infrastructure.
State-sponsored malware attacks are no longer a novel occurrence and have become the norm when nation-states come to blows. The U.S. and Israel were reportedly behind the Stuxnet attack on Iranian nuclear facilities in 2010, and the WannaCry ransomware attacks were traced back to nation-state hackers in North Korea. WannaCry was similar to WhisperGate in that the ransomware was used as a data wiper rather than an extortion tool.
…