Researchers at ESET reported that hundreds of computers in Ukraine had been infected with data-wiping malware.
Cybersecurity firms ESET and Broadcom’s Symantec have discovered a new data-wiper malware being used against hundreds of machines as Russian forces launched a full-scale military operation against Ukraine.
The Slovak company named the malware HermeticWiper (or KillDisk.NCV), and the activity is believed to have been ongoing for about two months. The malware was installed on hundreds of machines in Ukraine.
The data wiper leads antivirus tools and users to trust it because it is cryptographically signed with a legitimate but stolen development certificate.
The malware destroys files on infected systems and corrupts storage devices using a partitioning program. It wipes files from the drives and destroys the master boot record (MBR), which makes booting and recovery difficult or impossible.
The scale and impact of the data-wiping attacks are not entirely clear, and the identity of the threat actor behind the infections is unknown. This development marks the second time this year that malware has been deployed on Ukrainian computer systems. The first was the WhisperGate operation in mid-January.
The attack also follows the disruption of many Ukrainian websites by a massive wave of distributed denial-of-service (DDoS) attacks, which knocked out online portals for the cabinet of ministers, the ministry of foreign affairs, and the country’s parliament.
Two of the largest Ukrainian banks and the websites of the Ukrainian ministry of defense and armed forces were disrupted as a result of a DDoS attack from unknown actors.
Furthermore, information systems that belong to Ukraine’s state institutions are said to have been unsuccessfully targeted, with about 121 cyberattacks in January 2020 alone.
Cybercriminals plan to capitalize on the current political tension by advertising databases containing information on Ukrainian citizens on the dark web for high profit.
The Ukrainian law enforcement authority paints the attacks as an effort to spread anxiety, cripple the state’s confidence in its ability to defend citizens, and undermine its unity, following the series of disruptive cyberattacks since the beginning of the year.
In the broader context, Russia invaded an area of eastern Ukraine this week to protect two separatist regions of Ukraine. This triggered US sanctions against Moscow. As a result, American business owners and organizations have been warned to prepare for cyberattacks from Russia in retaliation for the sanctions and the White House’s opposition to Vladimir Putin’s invasion of Ukraine.