Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia’s wider effort to undermine Ukraine’s sovereignty, according to analysts.
Russia is positioned for a hot-war attack on Ukraine that the Biden administration warned could come “at any point” — but the country is already suffering an attack of a different kind. A sweeping malware campaign remains ongoing, which experts agree is intended to permanently disrupt organizations across the country and paint Ukraine as a failed state.
The cyberattacks represent a coordinated destructive malware operation which has already impacted dozens of systems across the country, according to an alert from the Microsoft Threat Intelligence Center (MCTIC) this week.
The cyberattacks on organizations across Ukraine started on Jan. 13, according to MCTIC, and based on the team’s assessment, the malware is a Master Boot Record (MBR) wiper. The destructor, which Microsoft has named WhisperGate, has already been used against government systems, non-profit organizations and IT companies in Ukraine, the report warned.
The perpetrators are taking pains to make the attacks look like a ransomware attack, even providing a ransom note. However, the reality is that “the ransomware note is a ruse and…the