Enlarge image
Photo: Sina Schuldt/DPA
IT security experts discovered new destructive malware in Ukraine on Wednesday evening.
According to the IT security company ESET, a so-called wiper was installed on “hundreds of computers across the country”.
This type of malware aims to make the data on an infected hard drive permanently unusable (to wipe).
It was only at the beginning of January that IT experts observed a wiper attack on the Ukrainian government's system.
As ESET reported on Twitter, the malware was first observed shortly before 5 p.m. Ukrainian time on Wednesday evening.
The attack itself may have been in preparation for around two months.
Vikram Thakur of IT security firm Symantec told Reuters news agency the infections were widespread.
Symantec reported wiper attacks in Ukraine, Latvia and Lithuania.
"The targets include financial and government companies," Thakur told Bleeping Computer.
Ukrainian officials described the wiper attack as part of a rising wave of hacking attacks on the country.
The websites of the Ukrainian government, the Ministry of Foreign Affairs and the State Security Service were temporarily unavailable late Wednesday afternoon.
According to the government, this is a so-called Distributed Denial of Service (DDoS) attack.
In such attacks, websites are overloaded and paralyzed by mass requests.
»Around 4 p.m., another massive DDoS attack on our state began.
We have relevant data from a number of banks,” said Mykhailo Fedorov, Minister of Digital Transformation, adding that the parliament's website was also affected.
Fedorov did not mention which banks were affected, and the central bank could not be immediately reached for comment.
The Ukrainian data protection commissioner said the number of hacker attacks was increasing.
"Phishing attacks on government and critical infrastructure, the proliferation of malware, attempts to penetrate private and public sector networks, and other destructive actions have increased," it said in an email.
It was initially unclear who was responsible for the cyber attacks.
When it came to the wiper, suspicion immediately fell on Russia, which has repeatedly been accused of launching hacker attacks on Ukraine and other countries in order to encrypt data and destroy systems.
Russia has always denied these allegations.
The analyzes of the wiper by the IT security experts are still ongoing.
Initially, little was known about how attacked computers were infected.
It was also initially not known whether data had actually been deleted.
At least the researchers found that the erasing software appeared to be digitally signed with a certificate issued to an obscure Cypriot company called Hermetica Digital Ltd.
was issued.
Such certificates could be used to smuggle the malware past the protective measures of antivirus programs.
According to Brian Kime, Vice President of the American cyber security company ZeroFox, the findings so far about the malware speak for a "sophisticated and targeted" attacker.
hpp/reuters
