8 July 2017

Ukraine says it foiled 2nd cyberattack after police raid

by Raphael Satter

KIEV, Ukraine (AP) — Ukrainian authorities have avoided a second cyberattack, the country’s interior minister said Wednesday, an announcement that suggests the effort to wreak electronic havoc across the country is ongoing.

Ukraine is still trying to find its feet after scores or even hundreds of businesses and government agencies were hit by an explosion of data-scrambling software on June 27. In a Facebook post, Interior Minister Arsen Avakov said there was a second stage to that attack, timed to hit its peak at 4 p.m. in Ukraine on July 4.

Avakov said the second strike — like the first one — originated from servers at the Ukrainian tax software company M.E. Doc, which sheds a little more light on Tuesday’s heavily armed raid on M.E. Doc’s office and the seizure of its servers.

The firm acknowledged Wednesday that it had been broken into and used by hackers to seed an epidemic of malware — an admission that came after a week of increasingly implausible denials.

It’s not clear what the thrust or scope of the second cyberattack in Ukraine was, but M.E. Doc is widely used across Ukraine, making it a tempting springboard for hackers. An executive at the company behind the software was quoted by Interfax-Ukraine as saying it was installed on 1 million machines across the country.

How many of those machines have been infected is an open question.

The June 27 attack initially seemed to be a particularly aggressive form of ransomware, but many analysts who picked it apart later said it appeared to be a thinly disguised attempt to destroy data and sow chaos. Some said the malware epidemic was likely state-backed, and Ukrainian officials have squarely put the blame on the Kremlin.

Russian officials routinely deny such claims.

In the meantime, the online wallet carrying roughly $10,000 worth of digital currency extorted by the cyber attackers was emptied shortly around the time of the July 4 raid, according to Bitcoin’s public ledger. Information security experts say some of the money appears to have been used to purchase space on a darknet text storage site, where a statement demanding 100,000 bitcoin, or roughly $2.6 million, in exchange for unscrambling all the affected files materialized shortly thereafter.

It’s impossible to determine whether the offer is serious or just a distraction.

The AP was unable to immediately reach the hackers for comment.

Ukrainian officials have not offered a global estimate of the amount of damage inflicted by the June 27 attack. But in an interview Tuesday with The Associated Press, Infrastructure Minister Volodymyr Omelyan said the damage at his department alone ran into millions of dollars.

No comments: