Hundreds of Ukrainian websites are suffering from cyber attacks in the last hours. In addition to the DDoS attacks that have caused the servers to crash, a new malware tasked with deleting data has now been added. The computer security company ESET has revealed the detection of a new threat that affects hundreds of sites. A problem that deletes all types of data and files and makes the system stop working normally.
Data wipe and DDoS on Ukrainian sites
Many banks and government agencies in Ukraine have suffered in the last hours DDoS attacks that have cut off the service. This type of attack is based on sending many requests continuously so that the servers cannot respond and crash. It is a problem that can cause great economic losses to companies by causing them to spend hours without working.
But to this is added the discovery of ESET and Symantec, who have detected a new data-wiping malware that has been used against Ukrainian organizations. The objective is clear: eliminate all kinds of data and information and thus generate chaos and damage. In the ESET Twitter profile we can see the information of this new malware in charge of deleting data.
breaking. #ESETResearch discovered a new data wiper malware used in Ukraine today. ESET telemetry shows that it was installed on hundreds of machines in the country. This follows the DDoS attacks against several Ukrainian websites earlier today 1/n
— ESET research (@ESETresearch) February 23, 2022
According to ESET, this new data eraser is detected as Win32/KillDisk.NCV and has been seen deployed on hundreds of devices in Ukrainian networks today. Of course, the malware was compiled on December 28, so the attacks may have been planned for a long time.
For its part, Symantec has shared the hash of the new data deletion malware on its social networks. Currently, they say, only 16 of the 70 security engines on VirusTotal detect it.
From BleepingComputer they have carried out an analysis of this new malware and have detected that it contains four integrated drivers called DRV_X64, DRV_X86, DRV_XP_X64 and DRV_XP_X86. When running the malware, it installs one of those drivers as a new Windows service. It takes advantage of legitimate EaseUS Partition Master software.
This is not the first such attack.
Keep in mind that this is not the first such attack on Ukrainian websites. Last January, Microsoft warned of a threat that was disguised as ransomware and was used against different Ukrainian organizations. That data-wiping malware was named WhisperGate .
The mission of this malware was to corrupt files and wipe device components. This makes it impossible to start Windows or to access those files. Something similar is what has happened with this new threat that is affecting numerous pages in Ukraine today.
Although the attacks have not been directly attributed to Russia, these threats have been used by hackers promoted by the Russian government. If we go further back in time, already in 2017 there was an attack against Ukrainian citizens with the NotPetya ransomware and in 2020 the United States formally accused a group of Russian cybercriminals of a similar attack.
We are seeing in the last few hours the increase in tension between Russia and Ukraine, with different bombings in the Ukrainian country. But current wars are not just missiles and it is something that we can see with the example of these DDoS attacks and erasure malware that seek to destabilize and generate greater problems.