Hackers hit Ukraine’s national bank, the state power provider, an airport, and a number of other agencies and companies with a ransomware attack on Tuesday. This left top-ranking Ukrainian officials unable to access computers and an untold number of citizens unable to access their money.
A hacked ATM in Crimea, circa 2014. (Photo: AP)
So far the ransomware attack appears to have affected over 80 companies in Ukraine, Russia, England and India. Hackers are demanding $300 in bitcoin to unlock the affected computers. One representative of the power company Kyivenergo told the Interfax-Ukraine news agency that his company turned off all of their computers after the attack, and they were “waiting for permission from Ukraine’s Security Service to switch them back on”.
Meanwhile, Anton Gerashchenko, an aide to the Interior Ministry, called the attack “the biggest in Ukraine’s history” in a Facebook post. He went on to claim that it’s “disguised as an extortion attempt” but actually aimed at “the destabilization of the economic situation and in the civic consciousness of Ukraine”. Which, in the context of recent cyber attacks targeting Ukraine, makes total sense.
Some of our gov agencies, private firms were hit by a virus. No need to panic, we’re putting utmost efforts to tackle the issue pic.twitter.com/RsDnwZD5Oj — Ukraine / Україна (@Ukraine) June 27, 2017
Before we get into the geopolitical implications, though, let’s talk about the ransomware itself. The Swiss Reporting and Analysis Centre for Information Assurance (MELANI) has identified the ransomware as Petya, a cyber weapon that’s been spotted in the wild before. Although it appears to be targeting Ukraine primarily, the scale of this ransomware attack is already being compared to WannaCry, a massive assault that brought down computer systems around the world in May. This month, everyone from Ukrainian government agencies to the Danish shipping company Maersk appears to be affected. The list of targets will likely grow in the coming hours and days.
This latest, massive attack is one of thousands that have hit Ukraine in the past couple of years. However, after two consecutive attacks last year that brought down parts of the power grid in the country’s capital, Kiev, it’s clear that the hackers are escalating their efforts. The timing of Tuesday’s attack was particularly curious, too. The string of assaults came just a few hours after a top-ranking Ukrainian military intelligence officer was killed in a Kiev car-bombing.
It’s too early to tell whether these incidents are linked, but the trend towards more extreme cyber warfare stemming from conflict in the region is undeniable.
Many, including Ukrainian president Petro Poroshenko, believe that Russian state-sponsored hackers have targeted Ukraine in the past in an effort to undermine the country’s political processes, economic fortunes and physical infrastructure. The spike in attacks dates back to 2014, when the Ukrainian Revolution removed Kremlin-backed President Viktor Yanukovych from power. Not long after that, a pro-Russian hacker group called CyberBerkut attempted to rig the Ukrainian elections. The same group has links to the hackers that infiltrated the Democratic National Committee (DNC) ahead of the 2016 US presidential elections.
So you can see how all of this chaos is starting to seem like it might make its way to the US. As Wired’s Andy Greenberg explains in the magazine’s cover story this month, however, it already has. Greenberg reports:
But many global cybersecurity analysts have a much larger theory about the endgame of Ukraine’s hacking epidemic: They believe Russia is using the country as a cyberwar testing ground — a laboratory for perfecting new forms of global online combat. And the digital explosives that Russia has repeatedly set off in Ukraine are ones it has planted at least once before in the civil infrastructure of the United States.
The report goes on to link a Russian hacker group called Sandworm with BlackEnergy, a destructive breed of malware found not only on the computers of Ukrainian utility companies but also “on the networks of American power and water utilities”. Security researchers at Dragos have also linked Sandworm hackers to CrashOverride, the ultra-versatile cyber weapon used to cause the 2016 Kiev blackout.
Russian troops at a Victory Day military parade on 9 May 2016. (Photo: AP)
If your head is starting to spin with the many disparate links from Ukrainian cyber chaos to the potential for a catastrophic attack on US infrastructure, that’s the point. This is all very scary stuff, pulled from a Hollywood hacker movie like Blackhat but 100 times more frightening since these cyber weapons are very real and very sophisticated.
Again, we don’t yet know if Russian state-sponsored hackers are behind Tuesday’s string of attacks. Security researchers will surely be digging into the code and trying to unravel the web of connections between known entities and potentially new players. But for now the list of entities affected by this latest strain of rapidly spreading ransomware will only continue to grow.
And just in case you weren’t concerned already:
Chornobyl nuclear power plant has switched to manual radiation monitoring of site b/c cyberattack, says Exclusion Zone agency press service. — Christopher Miller (@ChristopherJM) June 27, 2017