Ukraine accuses Russia of Cyberattacks
A number of government websites and non-profit organizations in Ukraine were hit by cyberattacks last week. These attacks are extremely destructive because they wipe disk data. After the attack, the Microsoft security team actively helped Ukraine to deal with the attack, but it is almost impossible to restore the data damaged by the virus that has been infected before. “The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable,” Tom Burt, corporate vice president of customer security and trust at Microsoft, said. Ukraine has accused Russia of being behind the cyberattack, but Microsoft is cautious and has not traced the source or disclosed the attackers. But Microsoft has warned government agencies, non-profit, or enterprises located or with systems in Ukraine to be wary of malicious malware in the cyberattacks, which masquerades as ransomware but actually wipes all disk data.
The malware, called Whispergate, was deployed to various Ukrainian government websites, and after successful deployment, the attackers popped up a message saying that all data had been encrypted.
Before encryption, the attackers claimed to have uploaded the data to a server they controlled, and the data would be released if the victim did not pay a ransom of $10,000. The malicious activity is “inconsistent” with cybercriminal ransomware activity for reasons that “explicit payment amounts and cryptocurrency wallet addresses are rarely specified in modern criminal ransom notes” and “the ransom note in this case does not include a custom ID,” Microsoft said. That is to say, after all data is encrypted, it is impossible to recover at all, even if the ransom is paid, and the software will overwrite the master boot record through MBR. Coupled with the fact that it is completely impossible to recover these data with disk wiping tools, it is obvious that the only purpose of the attacker is to destroy as much as possible and not to ask for money.
Immediately after the attack, Ukraine blamed Russia for the attack, which Russia naturally denied, Russia was not involved in any cyberattack. However, it is not accurate to attribute the culprit behind the attack as soon as it occurs. After all, this may only be determined after investigation and source tracing by security companies and security experts. Therefore, Microsoft did not blame specific attackers in the report, of course, it is also possible that Microsoft did not want to point out the culprits behind it, so as not to affect its business.