The war in Ukraine has entered its first year and with it came the age of wipers. Destructive malware variants tried to rip through sensitive Ukrainian systems, marking an unprecedented pace of attacks in the country. While such attacks were not unheard of in the years preceding the Russian invasion, the rise of wiper incidents detected in various sectors was notable.
According to ESET experts, the Russian invasion on February 24th, 2022 saw a growing number of destructive malware variants tried to rip through critical Ukrainian systems. The company has attributed the CaddyWiper, NikoWiper, RansomBoggs, and Prestige ransomware to Russian cyber offensives. However, attribution based on evidence is a different beast. In an episode of the ESET Research podcast, researchers Anton Cherepanov and Robert Lipovský explained what pointed them to these crucial samples and how they were able to pin some of the attacks on the Russian cybergroup that was probably most notorious for NotPetya and Industroyer.
The two researchers also offer their recollection of the events of February 23rd, 2022; compare the HermeticWiper to its successors; and reveal the range of operating systems that were targeted. The level of success achieved by the attacks was also discussed. As seasoned experts closely following the cyberattacks in Ukraine, Anton and Robert present their views on why some of the wipers used ransomware as their disguise while others neglected to use any cover.
ESET Distinguished Researcher Aryeh Goretsky hosted the ESET Research podcast, and his guests were ESET Principal Researcher Robert Lipovský and ESET Senior Malware Researcher Anton Cherepanov. The podcast was an opportunity for listeners to know more about the cyber aspects of the first year of Russia’s war in Ukraine. Listeners can also learn about the detected malware families, their geographic distribution, the groupings they were deployed in, or their level of sophistication.
The war in Ukraine has raised the stakes for cybersecurity in the country, and experts suggest that the critical infrastructure’s defenses should be enhanced. The Ukrainian government must also be proactive in its efforts to protect its systems from foreign cyber threats. With the growing number of cyberattacks, experts agree that it is essential to emphasize the importance of cybersecurity to government officials, private organizations, and individuals.
The rise of wiper incidents in Ukraine and other countries indicates that offensive cyber capabilities are being used as a tool of war. Experts warn that capable cybercriminals and nation-state groups are likely to leverage such tools in future conflicts. Therefore, countries worldwide must focus on their own cybersecurity to ensure they are protected against similar attacks.
In conclusion, cybersecurity remains a significant concern in Ukraine, with cyberattacks and wipers continuing to target sensitive systems. The threat of cyberattacks is not limited to the country, but it is a global concern. As such, governments, organizations, and individuals must remain vigilant in their efforts to safeguard their networks and systems from evolving cyber threats.