Since the beginning of the war in Ukraine, Russian and Ukrainian hackers have been fighting tit for tat on what can be called the “digital front line”. To quantify the firepower involved, the number of ransomware attacks against Russian companies has tripled since Feb. 28, according to Kaspersky Lab, a Russian multinational cybersecurity firm that has found a direct link between the rise in online targeting and the outbreak of the military conflict in Ukraine.
At the same time, developers of information security solutions such as Fortinet, ESET, Avast and NortonLifeLock Inc. exited the Russian market, making it harder for companies to protect themselves against external attacks.
Making money from ransoms and online blackmail has often served as motivation for carrying out cyberattacks. But before the war, cybercriminals tended to keep headlines in mind when pursuing their targets – for example, at the start of the COVID-19 pandemic, when users faced a large amount of spam and phishing emails.
The new motive for cyberattacks
In 2022, however, the face of cybercrime has changed. Attacks are now driven more by personal motives and moral convictions than by a desire for financial gain.
The goal of the new attacks is to block or complicate access to the victim’s data. Alexey Chuprinin, head of Application Security Softline, tells Russian business daily Kommersant that hackers “not only target companies capable of paying a ransom, for example industry and finance – they also target organizational structures, which can cause public outcry.”
Immediately after the outbreak of war, Conti, a ransomware-as-a-service group, announced unequivocal support for the Russian government. In retaliation, a partner working from Ukraine released information about the identities of Conti members, as well as the source code of the ransomware program.
This “allowed hacktivists to use this family of programs against organizations in Russia,” said IB Group Digital Forensics Lab Manager Oleg Skulkin. It was a way to protest anonymously against their own government.
Similarly, a representative of the Ransomware Network Battalion 65 (NB65) group explained to Tech Novosti how a former member of the Russian group Trickbot leaked two years of chat logs along with a wealth of operational data regarding their group.
“We took a copy of the source code and decided it would be a good idea to use this ransomware against Russia. The irony of using Russian ransomware against Russian companies seemed like the perfect ‘fuck you’,” he said.
The Ukrainian government welcomes this growth in piracy. Slava Banik, head of Ukraine’s IT army at the country’s Digital Transformation Ministry, told Euronews that more than 300,000 people around the world are using their computers to help disrupt Russia’s war efforts, as well as the daily life of Russian civilians.
One way to do this is to overload Russian websites with unwanted traffic, forcing them to go offline. It’s a tactic that even ordinary, non-tech-savvy citizens can resort to, and it can be used to target Russian banks, government websites, and the media.
Meanwhile, the Ukrainian military has amassed around 3,000 computer scientists, divided into so-called digital “battalions”, who carry out cyberattacks on Russian websites every day. All actions are coordinated with the Main Headquarters of the Armed Forces of Ukraine in Kyiv.
The war from the bedroom
In its latest report, Kaspersky Lab supports its thesis that the cyber incidents are politically motivated, as variants of encryption programs made exclusively in Ukraine are implicated in attacks against Russian resources.
One piece of malware recently discovered by experts was the Freeud wiper, developed by pro-Ukrainian supporters. The ransom note sent after the program was activated states that Russian troops must leave Ukraine.
“The choice of words and the way the note is written suggest that it was written by a native Russian speaker,” Kaspersky experts explain.
Yes, the enemy (online or offline) can be where you least expect them.