F-Secure has identified the malware that has hit Ukraine and is investigating the events.
AOP
Ukraine’s administration and financial institutions were subjected to a series of cyber-attacks early Thursday that destroyed data on hundreds of computers. Mikko Hyppönen, Director of Research at the security company F-Secure, tells Tivi that he thinks it is obvious that Russia is behind the attacks.
– The targets that have been hit and the method of the attacks point to that. These are destructive attacks and there is no financial motive behind them, Hyppönen says to Tivi.
According to F-Secure’s research, the attacks were carried out with the HermeticWiper malware, which prevents the machines it hits from starting. The malware hits Windows servers and workstations and destroys their data.
Hyppönen says that the target networks were breached in advance and that the destruction of the data began at a set time. F-Secure received the first samples of the malware at about five o’clock on Wednesday afternoon, about 12 hours before the attack began. The company has since been investigating the background to the attack.
– The biggest mystery is by which route and when the target organizations were entered, Hyppönen summarizes.
According to Hyppönen, a particular threat scenario is that there is an unidentified hole in the systems, such as a zero-day. If so, the unpatched vulnerability could be a gateway to other attacks as well.
– When significant attack methods for spreading malware have previously been used in state attacks, they have also ended up being used by criminals, Hyppönen says.
The country was already the target of several denial-of-service attacks a week ago. They were aimed at the Ukrainian administration and those working closely with it. In addition, several banks were attacked.
– The targets have included, among others, the financial sector, which has led to money transactions not necessarily working, Hyppönen says.
Mikko Hyppönen emphasizes that denial-of-service attacks are less critical than the HermeticWiper attacks seen on Thursday morning. Thursday’s attacks involved breaking into the networks, whereas a denial-of-service attack only slows down or disrupts a service and has no lasting impact.