Ransomware attack on Ukraine’s ministry isn’t anything like NotPetya
24 April 2018
Less than a year after suspected Russian hackers launched the destructive NotPetya cyber attack on Ukrainian businesses, banks, media organisations, transport, telecommunications, and energy departments, the Ukrainian energy and coal ministry suffered a ransomware attack that resulted in the shutting down of its website.
According to Reuters, the latest ransomware attack only targeted the energy and coal ministry and no other government websites were targeted. Hackers behind the attack have reportedly asked the ministry to pay a ransom in Bitcoin to regain control over its website.
The ministry told Reuters that its specialists are working on the issue but nobody knows how long it will take to resolve it. The ministry’s email accounts have not been targeted by hackers as yet.
Chris Doman, a security researcher at AlienVault, told TEISS News that while cyber attacks launched on Ukraine impersonated ransomware to cover their true aim of pure destruction, a look into the recent ransomware attack suggests that it is not the case this time.
“What has probably happened here is that a hacktivist has hacked the site for fun, then the criminal ransomware attacker has used their backdoor to try and make some money.
“They appear to have done the same with a Russian website (faneurope[.]ru), and you can see a hacktivist reported hacking the site then the same criminal attacker added their ransomware payment screen to it – http://www.zone-h.org/mirror/id/30823922,” he added.
“Websites continue to be the soft underbelly of any entity on the internet. Luckily, in this case, it is an attack against the energy ministry website rather than an attack against the energy grid itself,” said James Brown, global vice president, technology solutions at Alert Logic.
“However, it does raise the issue that even high profile government ministries can be targeted. Ransomware was very much in the press over the last two years, however we are seeing a move away from ransomware to cryptocurrency mining which is proving to be more profitable for criminals than trying to extort money by encrypting files. However it is a high profile embarrassment for a government department to be caught out like this,” he added.
Nothing like NotPetya
The fact that the new attack is nothing like last year’s NotPetya attack should allow Ukrainian authorities to breathe a sigh of relief. The NotPetya attack, which took place between June and July last year, was conducted by suspected Russian hackers who hacked into software that was used by over 80 percent of businesses in Ukraine for tax filing purposes. The software was also used by the country’s banks, media organisations, transport, telecommunications, and energy departments.
The cyber attack also affected operations at global firms like Danish shipping company Maersk, Russian oil giant Rosneft, aircraft manufacturer Antonov, US pharmaceutical giant Merck as well as its subsidiary Merck Sharp & Dohme (MSD) in the UK. According to the Foreign Office, the Russian military was squarely responsible for planning and launching the NotPetya cyber attack last year.
Back in February, White House press secretary Sarah Sanders said that last year’s cyber attack was ‘part of the Kremlin’s ongoing effort to destabilise Ukraine and demonstrated ever more clearly Russia’s involvement in the ongoing conflict’. She added that NotPetya was ‘a reckless and indiscriminate cyber-attack that will be met with international consequences’.