Ukrainian Authorities Block Another Planned Ransomware Attack
Ukrainian officials announced this week they have detected and blocked a third ransomware attack following the burst of the WannaCry and Petya ransomware infections that hit numerous computers earlier this year.
According to a post on Facebook made by Ukrainian Interior Minister Arsen Avakov, the new major attack was set to take place last week. The hacking attempts were firstly detected on June 27 at 13:40 pm though they were supposed to reach their peak at 4 pm, targeting both businesses and public institutions in Ukraine. The crooks managed to find some victims before being blocked by the cyber security specialists of the country. Fortunately, the campaign was stopped before it could spread any further and impose huge damage on the affected machines and networks.
The police in Ukraine reported it had received over 2,000 reports of cyber attacks from this new ransomware and 66 new criminal cases were opened as a result of the incident.
The researchers initially thought that the new wave of attacks is spreading the well-known Petya ransomware, yet soon they realized it is a new type of malware which the cyber security firm Kaspersky lab dubbed "ExPetr." At the same time, another company claims the new infection is, in fact, not ransomware but rather a wiper type of malware that the hackers have developed with the purpose of destroying data on the infected computers. So far, it is known that the attackers spread the malware through the accounting software M.E.doc.
The Ukrainian company that developed M.E.doc. rejected all the accusations though, saying it had invited the cyber security experts into its offices, handing over to the investigator's logs and reserve copies from its servers to prove that they were clean. In addition, the company claims it has itself become a victim of the malware attacks.
After the seized computers and servers were investigated, the Ukrainian police authorities again stated that there are some first indications that the attacks originated from hackers supported by the Russian government. Though the Russian President Putin recently denied any participation of Russian state-sponsored cybercriminals in the previous ransomware campaigns, these suspicions have also been supported by the North Atlantic Treaty Organization (NATO). NATO even warned that such severe cyber attacks that target the systems of governments could have consequences comparable to that of an armed military attack. In that respect, such campaign could be considered a violation of sovereignty and, respectively, trigger Article 5 of the treaty's code.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.