Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.
posted by janrinok on Wednesday January 19, @11:19AM   Printer-friendly [Skip to comment(s)]
from the I-hope-that-they-have-backups-no,-of-course-they-won't dept.

Microsoft Warns of Destructive Disk Wiper Targeting Ukraine

Microsoft warns of destructive disk wiper targeting Ukraine:

[...] "All data on the computer is being destroyed, it is impossible to recover it," said a message, written in Ukrainian, Russian, and Polish, that appeared late last week on at least some of the infected systems. "All information about you has become public, be afraid and expect the worst."

[...] Around the same time, Microsoft wrote in a post over the weekend, "destructive" malware with the ability to permanently destroy computers and all data stored on them began appearing on the networks at dozens of government, nonprofit, and information technology organizations, all based in Ukraine. The malware—which Microsoft is calling Whispergate—masquerades as ransomware and demands $10,000 in bitcoin for data to be restored.

But Whispergate lacks the means to distribute decryption keys and provide technical support to victims, traits that are found in virtually all working ransomware deployed in the wild. It also overwrites the master boot record—a part of the hard drive that starts the operating system during bootup.

"Overwriting the MBR is atypical for cybercriminal ransomware," members of the Microsoft Threat Intelligence Center wrote in Saturday's post. "In reality, the ransomware note is a ruse and that the malware destructs MBR and the contents of the files it targets. There are several reasons why this activity is inconsistent with cybercriminal ransomware activity observed by MSTIC."

Over the weekend, Serhiy Demedyuk, deputy head of Ukraine's National Security and Defense Council, told news outlets that preliminary findings from a joint investigation of several Ukrainian state agencies show that a threat actor group known as UNC1151 was likely behind the defacement hack. The group, which researchers at security firm Mandiant have linked to the government of Russian ally Belarus, was behind an influence campaign named Ghostwriter.

Ghostwriter worked by using phishing emails and theft domains that spoof legitimate websites such as Facebook to steal victim credentials. With control of content management systems belonging to news sites and other heavily trafficked properties, UNC1151 "primarily promoted anti-NATO narratives that appeared intended to undercut regional security cooperation in operations targeting Lithuania, Latvia, and Poland," authors of the Mandiant report wrote.

'Russian-backed' Hackers Defaced Ukrainian Websites as Cover for Dangerous Malware Attack

'Russian-backed' hackers defaced Ukrainian websites as cover for dangerous malware attack:

Malicious malware posing as ransomware has been discovered on multiple computer systems in the Ukraine following a hacking attack on Friday that targeted more than 70 government websites.

Hackers exploited a known vulnerability in a content management system used by government agencies and other organisations to deface websites with threatening messages written in Ukrainian, Polish and Russian.

The Ukrainian government has blamed a Russian-influenced hacking group for defacing government websites with messages warning Ukrainians "to expect the worst".

But it emerged over the weekend that Friday's attacks appeared to have been a distraction exercise to divert attention from more serious malware implanted on Ukrainian government and commercial computer systems.

Microsoft disclosed over the weekend that it had detected "destructive malware" on dozens of computer systems belonging to Ukrainian agencies and organisations, including IT companies, that work closely with the Ukrainian government.

The malware, first detected on 13 January 2020, masquerades as ransomware, but is designed to destroy information on infected computer systems without offering victims the ability to recover the data in return for a ransom payment.


Original Submission #1Original Submission #2

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 5, Insightful) by Gaaark on Wednesday January 19, @11:31AM (2 children)

    by Gaaark (41) on Wednesday January 19, @11:31AM (#1213820) Journal

    Gaaark warns never use Microsoft Windows.

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 2, Touché) by shrewdsheep on Wednesday January 19, @02:49PM (1 child)

      by shrewdsheep (5215) on Wednesday January 19, @02:49PM (#1213847)

      ... such you never have to cry out: Gaaaaaaaaaaaaaaaaaaaaaaaaaaaaaark?

      • (Score: 2) by Gaaark on Wednesday January 19, @09:54PM

        by Gaaark (41) on Wednesday January 19, @09:54PM (#1213957) Journal

        Khaaaaaaaaaaaaaaaaaaaaaaaaannnnnnnnnnnnnnn!

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 1, Funny) by Anonymous Coward on Wednesday January 19, @11:36AM

    by Anonymous Coward on Wednesday January 19, @11:36AM (#1213821)

    Microsoft Warns of Destructive Disk Wiper

    That's no way to talk about Windows... I don't like that product one bit but come on, at least give your Ukrainian sales drones a chance by putting lipstick on that pig^W^Whow you refer to your product.

  • (Score: 3, Insightful) by crafoo on Wednesday January 19, @01:32PM (3 children)

    by crafoo (6639) on Wednesday January 19, @01:32PM (#1213832)

    Hackers exploited a known vulnerability in a content management system used by government agencies and other organisations

    So government incompetence is the root of the failure, here.

    • (Score: 3, Touché) by khallow on Wednesday January 19, @02:44PM (2 children)

      by khallow (3766) Subscriber Badge on Wednesday January 19, @02:44PM (#1213845) Journal
      Well that and coordinated attacks by hackers.
      • (Score: 0) by Anonymous Coward on Wednesday January 19, @05:23PM (1 child)

        by Anonymous Coward on Wednesday January 19, @05:23PM (#1213878)

        Stupid govt can't defend itself against hackers. Bah.

        • (Score: 0) by Anonymous Coward on Wednesday January 19, @07:33PM

          by Anonymous Coward on Wednesday January 19, @07:33PM (#1213909)

          way to blame the victim

  • (Score: 3, Informative) by DannyB on Wednesday January 19, @04:18PM (3 children)

    by DannyB (5839) Subscriber Badge on Wednesday January 19, @04:18PM (#1213863) Journal

    Microsoft should start by warning people of the dangers of using Microsoft products.

    • Microsoft software brings lots of vulnerabilities
    • Microsoft software has lowest TCO (Total Cost of PWNership)
    --
    I had some thoughts about lasers, but they were incoherent.
    • (Score: 2) by Gaaark on Wednesday January 19, @09:57PM

      by Gaaark (41) on Wednesday January 19, @09:57PM (#1213958) Journal

      and Billy Gates said Linux was a toy operating system. Big LOL there.

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 0) by Anonymous Coward on Thursday January 20, @02:46AM (1 child)

      by Anonymous Coward on Thursday January 20, @02:46AM (#1214036)

      I know that everyone loves to crap on Windows, but there is a reason it holds the position it does. Many people were exposed to computers using Windows as part of their first computing experience. You can't go out and buy a Dell, HP, nor Lenovo laptop with Mac OS or IOS, because Apple won't let you. Which local stores sell BSD or Linux laptops? Will all your software run on non Windows systems? Linux is nice, but is not where it needs to be for mass adoption from people who lack sufficient knowledge about it. If you want to supplant Windows you need to make the replacements better, easier, and more accessible. Including popular software.

      • (Score: 2) by DannyB on Thursday January 20, @02:34PM

        by DannyB (5839) Subscriber Badge on Thursday January 20, @02:34PM (#1214158) Journal

        Everything you said
        1) is true
        2) is very old news

        I don't care if Linux supplants Windows. (If it did, I would be happy.) The thing I once was most concerned about is now mostly a non issue. Linux has succeeded wildly. It is everywhere and in everything. Everyone has more Linux computers in their homes and on their person, than they have Windows computers. Microsoft can no longer stop Linux or open source. In fact, Microsoft has had to embrace both. Trying to stop Linux and open source was like standing on the beach and trying to stop the incoming tide with your hands.

        --
        I had some thoughts about lasers, but they were incoherent.
  • (Score: 3, Insightful) by PinkyGigglebrain on Wednesday January 19, @04:25PM (3 children)

    by PinkyGigglebrain (4458) on Wednesday January 19, @04:25PM (#1213865)

    Hackers exploited a known vulnerability in a content management system ...

    When was it patched?

    The malware, first detected on 13 January 2020, ...

    And it is still a threat?

    My opinion.

    If it has been patched then only the incompetence/idiocy of admins and private users are to blame for this still being a problem since the patch was released. And if people lose their stuff I'm not going to feel sorry for them unless there are some seriously good mitigating circumstances that prevented them from installing the patch.

    If it hasn't been patched then it is Microsoft's fault for not fixing a known vulnerability that allows something like this to happen and they should be held accountable, not going to happen of course but one can dream.

    /My opinion

    --
    "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
    • (Score: 0) by Anonymous Coward on Wednesday January 19, @05:26PM

      by Anonymous Coward on Wednesday January 19, @05:26PM (#1213879)

      People turned off updates to prevent Billy Boy spreading his COVID mind control chips on their computer. Is that reasonable???

    • (Score: 4, Interesting) by maxwell demon on Wednesday January 19, @06:05PM

      by maxwell demon (1608) on Wednesday January 19, @06:05PM (#1213890) Journal

      If it hasn't been patched then it is Microsoft's fault

      Repeating the quote from your comment, with emphasis added:

      Hackers exploited a known vulnerability in a content management system

      Thus Microsoft is only responsible for the bug if they wrote the content management system. Well, the summary doesn't tell, so let's look into TFA:

      The defacement attacks on Friday exploited unpatched versions of an open-source content management system “October CMS” which was supported by Ukrainian software company Kitsoft and other IT companies.

      The Kiev-based IT company supplied services to government agencies and organisations in Ukraine.

      Doesn't sound like a Microsoft product to me.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by Gaaark on Wednesday January 19, @10:00PM

      by Gaaark (41) on Wednesday January 19, @10:00PM (#1213959) Journal

      That's what gets me; people say they use Microsoft products over free software so then they can hold someone accountable, but when was the last time you heard Microsoft taking the blame for something and actually paying out big bucks for their error? They'll just say "F... you, read your EULA".

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(1)