A report by ESET research team claims that hundreds of computer systems in Ukraine were infected with a powerful malware variant that deletes data stored on Windows systems. Through its Twitter account, the firm said that the first sample of malware was detected on Wednesday afternoon and seems to have been in recent development.
The researchers mention that the wiper is cryptographically signed with a legitimate developer certificate, allowing attack operators to evade malware detection tools, going unnoticed until the final stage of the attack. In addition, malware uses various drivers to corrupt storage devices and backups.
At the moment the way in which the malware enters the affected systems has not been confirmed, although it is likely that the attack began with the active directory compromise of a Ukrainian organization. As you can guess, this campaign is considered the official start of the cyberwarfare between Russia and Ukraine.
On the other hand, Symantec specialists also reported the detection of a wiper malware in Ukraine, Estonia and Lithuania. The firm identified this malware as Win32/KillDisk.NCV. In addition to randomly deleting system data, the malware detected by Symantec also destroys the Master Boot Record (MBR), making the recovery process much more complex.
This occurred in the context of constant cyberattacks against multiple public and private organizations in Ukraine, most often attributed to Russian intelligence agencies. Cyberattacks could increase as early as Early Thursday, when Russia finally began the armed attack on Ukraine.
The reactions in this regard have not been long in coming. The United States has warned companies operating on its territory that a massive wave of cyberattacks could be experienced from Russia, this in retaliation to the economic sanctions that the West plans to impose against the administration of Vladimir Putin for its military actions.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.