The hackers that took down the ministry’s site wants a ransom in the amount of 0.1 Bitcoin (approximately $930 or slightly over 24,000 hryvnias at today's exchange rate) to be transferred to a cryptocurrency wallet, according to the notice placed on the ministry's home page. The cybercriminals threaten to delete all the files and website content if the Ministry does not fulfill the demand within ten hours.
It is not the first time that hackers have targeted Ukrainian government systems and essential infrastructure companies. The latest large-scale cyber attack took place at the end of October 2017, when Bad Rabbit ransomware haunted Russian and Ukrainian companies and state authorities demanding ransom in the amount of 0.05 Bitcoin for file decryption.
[telegram-banner]
This time the attack seems to be an isolated event carried out by an amateur hacker or a group of hackers for fun as no other Ukrainian government websites or systems have been affected so far, cyber police spokeswoman Yulia Kvitko commented to Reuters.
“This case is not large-scale. If necessary, we are ready to react and help,” Kvitko said in a written comment to Reuters.
Currently, the specialists have managed to remove the ransomware screen. However, the site of the Ministry is under maintenance with no information as to when full functionality will be restored.
“Our specialists are working right now ... We do not know how long it will take to resolve the issue,” the ministry spokeswoman commented over the phone.
Cybersecurity experts from AlienVault believe that the ministry’s website was hacked by amateurs, rather than high-profile cybercriminals. Moreover, a person known under the name X-zakaria seems to have only defaced the website for fun, while a second hacker decided to use the vulnerability to encrypt files and demand a ransom. Apparently, they hoped that the amount was small enough that the Ministry would find it easier to pay than to bother with decryption and files recovery. But it seems they got it wrong as their wallet is still empty.
This article appeared first on Cryptovest