Software strike on Ukraine by Russia: Ukraine has shown bravery against Russia and advanced in the war after retaking Kherson from Russian forces. As the fierce battle continues along more than 1,000 km of front lines, Ukraine's strategic and symbolic victory serves as a reminder that the war is still in progress. However, even as Ukrainian forces celebrate and dance in Kherson, Russia has once more put Ukraine in a tough position.
Russia's new ransomware is making Ukrainian officials nervous. In a recent incident, a Russian software strike caught Ukraine off guard. According to a media report by BleepingComputer, Russian hackers have infected multiple organizations in Ukraine with a new ransomware strain called 'Somnia,' which encrypts their systems and causes operational problems.
The Computer Emergency Response Team of Ukraine (CERT-UA) has confirmed the outbreak in an announcement on its portal, attributing the attacks to 'From Russia with Love' (FRwL), also known as 'Z-Team,' which it tracks as UAC-0118.
Tricking the Ukrainian Officials
Ukrainian officials are being tricked by Russian hackers. According to CERT-UA, the hacking group uses fake websites promoting 'Advanced IP Scanner' software to trick employees of Ukrainian organizations into downloading an installer. Once installed, Somnia infects the system with the Vidar stealer, which steals the victim's session data so the attackers can take control of their account.
The Russian hackers then pressure Ukrainian officials in some unspecified manner to obtain VPN connection data (authentication credentials and certificates). If the VPN account is not protected by two-factor authentication, the hackers use it to gain unauthorized access to the victim's corporate network. At that point the Russian hackers have almost all the information they need to compromise Ukrainian officials. The ransomware then encrypts files and appends the .somnia extension to the file names. The most interesting aspect of these attacks is that the hackers are not asking for any money to decrypt the data and return it to its rightful owner. The data is simply locked, leaving Ukrainians unable to perform important wartime functions.
Impeding tank production and the electricity grid
Reportedly, most of these ransomware attacks target Ukrainian companies that currently produce military vehicles such as tanks for the Ukrainian army. The CERT has also posted evidence of attacks against tank producers in Ukraine. For the unaware, tanks are the only military hardware Ukraine manufactures. The Malyshev Factory in Kharkiv, Ukraine, best known for its production of Soviet tanks, has also been hit by the Russian software strike. This factory also produces diesel engines, farm machinery, and equipment for coal mining, sugar refining, and wind farms.
Furthermore, it is highly likely that the Ukrainian energy sector is also being targeted by the ransomware attack, because similar cyberattacks took place in 2015-2017. A malware called Sandworm was used by Russia to cripple Ukrainian energy infrastructure, causing widespread outages during the coldest months of 2016 and again in 2017. Last month, Microsoft also blamed Russia for deliberately using ransomware to deceive Ukrainian officials and disrupt important transportation and logistics operations.
Russian hacking groups have launched numerous cyberattacks on Ukraine's government and corporate networks throughout the war, often in parallel with Russian military strikes. Today's wars are fought not only on battlefields but also on the internet, and Russia seems to be very adept at the latter.