from the I-hope-that-they-have-backups-no,-of-course-they-won't dept.
Microsoft Warns of Destructive Disk Wiper Targeting Ukraine
Microsoft warns of destructive disk wiper targeting Ukraine:
[...] "All data on the computer is being destroyed, it is impossible to recover it," said a message, written in Ukrainian, Russian, and Polish, that appeared late last week on at least some of the infected systems. "All information about you has become public, be afraid and expect the worst."
[...] Around the same time, Microsoft wrote in a post over the weekend, "destructive" malware with the ability to permanently destroy computers and all data stored on them began appearing on the networks at dozens of government, nonprofit, and information technology organizations, all based in Ukraine. The malware—which Microsoft is calling Whispergate—masquerades as ransomware and demands $10,000 in bitcoin for data to be restored.
But Whispergate lacks the means to distribute decryption keys and provide technical support to victims, traits that are found in virtually all working ransomware deployed in the wild. It also overwrites the master boot record—a part of the hard drive that starts the operating system during bootup.
"Overwriting the MBR is atypical for cybercriminal ransomware," members of the Microsoft Threat Intelligence Center wrote in Saturday's post. "In reality, the ransomware note is a ruse and that the malware destructs MBR and the contents of the files it targets. There are several reasons why this activity is inconsistent with cybercriminal ransomware activity observed by MSTIC."
Over the weekend, Serhiy Demedyuk, deputy head of Ukraine's National Security and Defense Council, told news outlets that preliminary findings from a joint investigation of several Ukrainian state agencies show that a threat actor group known as UNC1151 was likely behind the defacement hack. The group, which researchers at security firm Mandiant have linked to the government of Russian ally Belarus, was behind an influence campaign named Ghostwriter.
Ghostwriter worked by using phishing emails and theft domains that spoof legitimate websites such as Facebook to steal victim credentials. With control of content management systems belonging to news sites and other heavily trafficked properties, UNC1151 "primarily promoted anti-NATO narratives that appeared intended to undercut regional security cooperation in operations targeting Lithuania, Latvia, and Poland," authors of the Mandiant report wrote.
'Russian-backed' Hackers Defaced Ukrainian Websites as Cover for Dangerous Malware Attack
'Russian-backed' hackers defaced Ukrainian websites as cover for dangerous malware attack:
Malicious malware posing as ransomware has been discovered on multiple computer systems in the Ukraine following a hacking attack on Friday that targeted more than 70 government websites.
Hackers exploited a known vulnerability in a content management system used by government agencies and other organisations to deface websites with threatening messages written in Ukrainian, Polish and Russian.
The Ukrainian government has blamed a Russian-influenced hacking group for defacing government websites with messages warning Ukrainians "to expect the worst".
But it emerged over the weekend that Friday's attacks appeared to have been a distraction exercise to divert attention from more serious malware implanted on Ukrainian government and commercial computer systems.
Microsoft disclosed over the weekend that it had detected "destructive malware" on dozens of computer systems belonging to Ukrainian agencies and organisations, including IT companies, that work closely with the Ukrainian government.
The malware, first detected on 13 January 2020, masquerades as ransomware, but is designed to destroy information on infected computer systems without offering victims the ability to recover the data in return for a ransom payment.
Related Stories
The Biden administration on Tuesday warned the nation's governors that drinking water and wastewater utilities in their states are facing "disabling cyberattacks" by hostile foreign nations that are targeting mission-critical plant operations.
"Disabling cyberattacks are striking water and wastewater systems throughout the United States," Jake Sullivan, assistant to the president for National Security Affairs, and Michael S. Regan, administrator of the Environmental Protection Agency, wrote in a letter. "These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities."
[...] The letter extended an invitation for secretaries of each state's governor to attend a meeting to discuss better securing the water sector's critical infrastructure. It also announced that the EPA is forming a Water Sector Cybersecurity Task Force to identify vulnerabilities in water systems. The virtual meeting will take place on Thursday.
"EPA and NSC take these threats very seriously and will continue to partner with state environmental, health, and homeland security leaders to address the pervasive and challenging risk of cyberattacks on water systems," Regan said in a separate statement.
(Score: 5, Insightful) by Gaaark on Wednesday January 19 2022, @11:31AM (2 children)
Gaaark warns never use Microsoft Windows.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2, Touché) by shrewdsheep on Wednesday January 19 2022, @02:49PM (1 child)
... such you never have to cry out: Gaaaaaaaaaaaaaaaaaaaaaaaaaaaaaark?
(Score: 2) by Gaaark on Wednesday January 19 2022, @09:54PM
Khaaaaaaaaaaaaaaaaaaaaaaaaannnnnnnnnnnnnnn!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 1, Funny) by Anonymous Coward on Wednesday January 19 2022, @11:36AM
That's no way to talk about Windows... I don't like that product one bit but come on, at least give your Ukrainian sales drones a chance by putting lipstick on that pig^W^Whow you refer to your product.
(Score: 3, Insightful) by crafoo on Wednesday January 19 2022, @01:32PM (3 children)
So government incompetence is the root of the failure, here.
(Score: 3, Touché) by khallow on Wednesday January 19 2022, @02:44PM (2 children)
(Score: 0) by Anonymous Coward on Wednesday January 19 2022, @05:23PM (1 child)
Stupid govt can't defend itself against hackers. Bah.
(Score: 0) by Anonymous Coward on Wednesday January 19 2022, @07:33PM
way to blame the victim
(Score: 3, Informative) by DannyB on Wednesday January 19 2022, @04:18PM (3 children)
Microsoft should start by warning people of the dangers of using Microsoft products.
The lower I set my standards the more accomplishments I have.
(Score: 2) by Gaaark on Wednesday January 19 2022, @09:57PM
and Billy Gates said Linux was a toy operating system. Big LOL there.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Thursday January 20 2022, @02:46AM (1 child)
I know that everyone loves to crap on Windows, but there is a reason it holds the position it does. Many people were exposed to computers using Windows as part of their first computing experience. You can't go out and buy a Dell, HP, nor Lenovo laptop with Mac OS or IOS, because Apple won't let you. Which local stores sell BSD or Linux laptops? Will all your software run on non Windows systems? Linux is nice, but is not where it needs to be for mass adoption from people who lack sufficient knowledge about it. If you want to supplant Windows you need to make the replacements better, easier, and more accessible. Including popular software.
(Score: 2) by DannyB on Thursday January 20 2022, @02:34PM
Everything you said
1) is true
2) is very old news
I don't care if Linux supplants Windows. (If it did, I would be happy.) The thing I once was most concerned about is now mostly a non issue. Linux has succeeded wildly. It is everywhere and in everything. Everyone has more Linux computers in their homes and on their person, than they have Windows computers. Microsoft can no longer stop Linux or open source. In fact, Microsoft has had to embrace both. Trying to stop Linux and open source was like standing on the beach and trying to stop the incoming tide with your hands.
The lower I set my standards the more accomplishments I have.
(Score: 3, Insightful) by PinkyGigglebrain on Wednesday January 19 2022, @04:25PM (3 children)
When was it patched?
And it is still a threat?
My opinion.
If it has been patched then only the incompetence/idiocy of admins and private users are to blame for this still being a problem since the patch was released. And if people lose their stuff I'm not going to feel sorry for them unless there are some seriously good mitigating circumstances that prevented them from installing the patch.
If it hasn't been patched then it is Microsoft's fault for not fixing a known vulnerability that allows something like this to happen and they should be held accountable, not going to happen of course but one can dream.
/My opinion
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 0) by Anonymous Coward on Wednesday January 19 2022, @05:26PM
People turned off updates to prevent Billy Boy spreading his COVID mind control chips on their computer. Is that reasonable???
(Score: 4, Interesting) by maxwell demon on Wednesday January 19 2022, @06:05PM
Repeating the quote from your comment, with emphasis added:
Thus Microsoft is only responsible for the bug if they wrote the content management system. Well, the summary doesn't tell, so let's look into TFA:
Doesn't sound like a Microsoft product to me.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by Gaaark on Wednesday January 19 2022, @10:00PM
That's what gets me; people say they use Microsoft products over free software so then they can hold someone accountable, but when was the last time you heard Microsoft taking the blame for something and actually paying out big bucks for their error? They'll just say "F... you, read your EULA".
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---