Ransomware contaminates Ukraine energy ministry website

April 26, 2018

 

Hackers have utilized illegal computer software to take the website of Ukraine’s energy ministry offline as well as encrypt its files.

Currently, the website contains a message written in English, requiring a payment of 0.1 bitcoin – worth $927.86 (£664.98) by today’s exchange rate.

Yulia Kvitko, Ukranian cyber-police spokeswoman said the attack is an “isolated occurrence” and no other government websites have been impacted.

She added that the energy ministry’s electronic mail system was still up and operating.

“This case isn’t large-scale. If required, we are prepared to react and help,” said Ms. Kvitko.

“Our experts are working right now… We don’t know how long it will take to solve the problem.”

Hacker ‘opportunists’

As per cyber-security research company AlienVault, the hackers behind this cyber-attack have earlier undermined other websites, however, they have just made roughly £100 from their efforts.

AlienVault thinks the energy ministry website has been infected by two different hackers – the first hacker, who signs his name “X-Zakaria” at the bottom of the webpage, just defaced the website.

The safety company thinks that a second hacker then came along, encoded the website’s files, and added a ransomware screen as well as payment particulars.

“What has possibly occurred here is that a hacktivist has hacked the site for enjoyment, then the criminal ransomware attacker has utilized their backdoor, which you can see at the bottom of the page, to try and make some money,” AlienVault safety scientist Chris Doman told the BBC.

He said that it was possible that these hackers were laypersons, instead of nation-state attackers.

“It’s certainly correct that attacks against Ukraine have impersonated ransomware earlier, to conceal their real objective of pure destruction, and in several cases, energy firms such as this have been the main target,” said Mr. Doman.

“Nevertheless, in this case, the proof points to something more boring.”