The Cyber Security News

Microsoft warns full scope of Ukraine cyber attacks ‘not fully realised’

January 17, 2022


Microsoft has investigated the cyber attacks in Ukraine and revealed evidence of a qualified malware campaign that disguises itself as ransomware, but features no recourse for victims to recover their data.

The so-called ‘fake ransomware’ was examined by Microsoft’s Threat Intelligence Center (MSTIC), which concluded that the “harmful malware” was made to render targeted devices inoperable rather than to obtain a ransom payment.

Microsoft’s analysis of the malware revealed other inconsistencies between it and typical ransomware. While a ransom sum and cryptocurrency wallet address are provided, the way in which the malware is built suggests victims would not be able to recover their data even if they did pay the $10,000 ransom demanded in the note.

Image: the ransom note found on victim machines in Ukraine (credit: Microsoft)

MSTIC said the malware works by overwriting the Master Boot Record (MBR) on victim systems, leaving a ransom note (above). The MBR is the part of a hard drive that tells the computer how to load its operating system.

Overwriting the MBR is not typical of financially motivated ransomware operators, since a destroyed MBR means files are destroyed with no mechanism for recovery. If this were the case with standard ransomware, there would be no incentive to pay.
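A defender-side triage sketch for the MBR overwrite described above, added here as an example and not taken from Microsoft's write-up: it reads a 512-byte copy of sector 0 and flags a missing boot signature, an empty or malformed partition table, and a long run of readable text where boot code should be. The function names, the 64-byte text-run threshold and both sample sectors are constructed assumptions.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bootstrap code area; partition table follows
ENTRY_LEN = 16           # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # final two bytes of a valid MBR
MAX_TEXT_RUN = 64        # heuristic threshold (assumption)

def longest_printable_run(data):
    """Length of the longest run of printable ASCII (plus CR/LF)."""
    best = run = 0
    for b in data:
        run = run + 1 if (0x20 <= b <= 0x7E or b in (0x0A, 0x0D)) else 0
        best = max(best, run)
    return best

def triage_mbr(sector):
    """Return a list of findings for one 512-byte copy of sector 0."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    used = 0
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0x00:
            continue  # unused slot
        used += 1
        if status not in (0x00, 0x80) or lba == 0 or count == 0:
            findings.append(f"partition entry {i} is malformed")
    if used == 0:
        findings.append("partition table is empty")
    run = longest_printable_run(sector[:BOOT_CODE_LEN])
    if run >= MAX_TEXT_RUN:
        findings.append(f"{run}-byte text run in boot code area")
    return findings

def build_sample(boot_code, entries=b""):
    """Assemble a constructed 512-byte test sector (not real disk data)."""
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entries.ljust(64, b"\x00") + SIGNATURE

# Constructed samples: opcode-like bytes plus a short loader string, one NTFS entry
CLEAN = build_sample(b"\xfa\x33\xc0\x8e\xd0" * 20 + b"Missing operating system\x00",
                     struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800))
# Constructed stand-in for an overwritten sector: text where code should be
OVERWRITTEN = build_sample(b"CONSTRUCTED PLACEHOLDER NOTE TEXT. " * 8)
```

Feed it the first 512 bytes of a forensic disk image; a GPT disk's protective MBR passes the partition checks because it carries one type 0xEE entry.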

Other differences between the malware hitting Ukraine and ransomware include a uniform ransom demand (ordinarily these are tailored to each victim), the lack of a customer ID number in the note, and communication taking place over the Tox encrypted messaging protocol (commonly victims are directed to a dark web site owned by the ransomware operator where they can seek help).

The investigation into the attack is ongoing, but MSTIC suggested the existing malware infection may continue to spread beyond the “dozens” of devices that are currently affected. Said devices span sectors including government, non-profit, and IT organisations.

MSTIC also said it is currently unclear what stage of their operational cycle the attackers are in or how many other victims there may be across the country, but the scale of the attack is most likely not fully realised at present.

“Given the scale of the observed intrusions, MSTIC is not able to assess intent of the identified destructive actions but does believe these actions represent an elevated risk to any government agency, non-profit or enterprise located or with systems in Ukraine,” said MSTIC in a blog post.

“We strongly encourage all organisations to immediately conduct a thorough investigation and to implement defences using the information provided in this post. MSTIC will update this blog as we have additional information to share.”

Geopolitical tensions in the area

The revelations shed more light on the issue first reported last week and follow a prolonged period of unproductive talks, held recently in Geneva, between the US and Russia on the matter of Ukraine.

Most recently, Ukrainian officials have said they believe Belarus, a close ally of Russia, is behind the wave of cyber attacks on the country, adding that the malware used bears resemblance to similar strains previously used by Russian intelligence, Reuters reported.

Ukraine and Russia have been locked in a war over territory since 2014 and there are strong fears that Russia, which has amassed troops at the Ukrainian border, may invade Ukraine as a result of the conflict.

Russia is desperately seeking to stop Ukraine from joining European institutions such as Nato, a desire the West rejects. A war between the two nations is not considered to be imminent, but tensions are arguably at the highest they have been in decades.


Some parts of this article are sourced from:
www.itpro.co.uk
