
Saturday, February 26, 2022

Ransomware used in Ukraine Attacks

Such tools will likely become tools in other kinds of cyberattacks.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine, in SecurityWeek, by Ionut Arghire

The cyberattacks employed HermeticWiper, a piece of malware that was designed solely to damage the Master Boot Record (MBR) of the target system, rendering the machine unusable.

Once executed, the wiper adjusts its settings to gain read access control to any file, then gains the privileges required to load and unload device drivers, disables crash dumps to cover its tracks, disables the Volume Shadow Service (VSS), and loads a benign partition manager which it abuses to corrupt the MBR.

The wiper uses different corruption methods based on the version of Windows running on the machine and partition type (FAT or NTFS). HermeticWiper can damage both MBR and GPT drives and triggers a system reboot to complete the data wiping process, researchers with Cisco’s Talos division note.

Although executed on February 23, hours before Russia launched an invasion of Ukraine, the attacks appear to have been in preparation for months.

The network of one organization in Ukraine was compromised on December 23, 2021, with a web shell installed on January 16, more than one month before HermeticWiper was deployed, Symantec reports. ...
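For responders triaging a disk image from a machine that no longer boots after MBR corruption of the kind described above, this added example (not from the SecurityWeek article or from this blog) parses sector 0 and reports whether the boot signature and partition table still look sane. The function names and the sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
PROTECTIVE_GPT = 0xEE  # partition type used by the protective MBR on GPT disks


def triage_sector0(sector: bytes) -> dict:
    """Classify sector 0 of a disk image as 'mbr', 'gpt' or 'suspect'."""
    def suspect(reason):
        return {"layout": "suspect", "reason": reason, "partitions": []}

    if len(sector) < SECTOR_SIZE:
        return suspect("short read")
    if sector[510:512] != b"\x55\xaa":
        return suspect("boot signature missing")
    partitions = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            return suspect(f"entry {i}: invalid status byte 0x{status:02x}")
        partitions.append({"index": i, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    if not partitions:
        return suspect("partition table empty")
    is_gpt = any(p["type"] == PROTECTIVE_GPT for p in partitions)
    return {"layout": "gpt" if is_gpt else "mbr", "reason": "ok",
            "partitions": partitions}


def _make_sector(entries, signature=b"\x55\xaa"):
    """Build a constructed 512-byte sector 0 (sample data, not a real disk)."""
    table = b"".join(struct.pack("<B3sB3sII", st, b"", ty, b"", lba, n)
                     for st, ty, lba, n in entries)
    return bytes(446) + table.ljust(64, b"\0") + signature


# Constructed samples: healthy NTFS MBR, GPT protective MBR, overwritten sector.
HEALTHY_MBR = _make_sector([(0x80, 0x07, 2048, 1_000_000)])
PROTECTIVE_MBR = _make_sector([(0x00, 0xEE, 1, 0xFFFFFFFF)])
OVERWRITTEN = bytes((i * 37 + 11) % 256 for i in range(SECTOR_SIZE))

if __name__ == "__main__":
    for name, data in [("healthy", HEALTHY_MBR), ("gpt", PROTECTIVE_MBR),
                       ("overwritten", OVERWRITTEN)]:
        result = triage_sector0(data)
        print(f"{name}: {result['layout']} ({result['reason']})")
```

On a GPT disk this checks only the protective MBR; the GPT header at LBA 1 and its backup need their own validation.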
