The reasons for cyber attacks aimed at Ukraine and the existence of Russia that can be seen through
The world of cyber security has been in destructive hacking for the last few weeks.At the same time as hacking, Russia may invade Ukraine or be a warning.
The other day, there was a sign of the first wave of such hacking.Although the size of the attack that has been confirmed so far is small, there is a characteristic in that method.It suggested that Russia had once again launched the destructive cyber war, as once led to Ukrainian government agencies and important infrastructure.
Meanwhile, Microsoft's security researcher announced on January 15 (US time) that Microsoft's security researchers have destroyed data by using ransomware computers and related organizations in Ukrainian government agencies and related organizations.Some of the victims include IT companies that have managed many websites.
The hackers were early in the morning of the 14th, with an anti -Ukrainian message on such websites.Microsoft has discovered such "wiper mulware" in another network, warning that the victims may increase.
RELATED ARTICLES電力会社のPCがハッカーに乗っ取られる決定的瞬間──サイバー攻撃で大停電が起きたウクライナでカメラが捉えた(動画あり)View Story
1st stage attack
Victor Zola, a senior employee of the Ukrainian cyber security agency, State Services for Special Communication and Information Protection (SSSCIP), said that he first learned about the ransomware message.
Systems administrators have found a situation in which the PC has been locked and a message requiring bitcoin equivalent to $ 10,000 is displayed.After restarting, the hard drive was damaged and it was impossible to recover.
Zola says only a small number of PCs discovered Malware, but Microsoft has warned that many systems are infected with malware.As of the morning of the 16th (standard time in the eastern United States), it seems that one person tried to pay the whole ransom.
"I'm checking what leads to a bigger attack," says Zola."This is the first stage, and it may be part of a more full -fledged attack in the near future. I am very worried."
Microsoft has been warning that MBR (Master Boot Records) (Master Boot Records) is overwritten by malware after restarting a fake ransomware.The MBR is the information stored in the hard drive, and the data required to start the OS is recorded.
After that, the malware runs a program to destroy files, and overwrites a list of files in a specific directory one after another.Microsoft explains that regular ransomware has no such destructive function.If the victim pays a ransom, it will be difficult to recover.
In this attack, the hacker side has no intention of tracking victims or recovering the PC paid by the ransom, because both malware and ransomware messages are adjusted to individual targets.It is thought.
Commonity of Russia with cyber attacks
The destructive technique of malware and the false ransomware message reminiscent of Cyber attacks that Russia set up in Ukraine in 2015-17.At that time, it was an attack that brought some catastrophic results.