Since the beginning of the war in Ukraine, Russian and Ukrainian hackers have been fighting on the so-called “digital frontline”. To quantify the firepower, the number of ransomware attacks on Russian companies has tripled since February 28, according to Kaspersky Lab, a Russian multinational cybersecurity company, which has found a direct link between the surge in online attacks and the outbreak of military conflict in Ukraine.
At the same time, developers of information security solutions such as Fortinet, ESET, Avast and NortonLifeLock Inc. have left the Russian market, making it difficult for companies to protect themselves against external attacks.
Making money from online ransomware and extortion often served as a motivation for conducting cyber attacks. But before the war, cybercriminals tended to focus more on the headlines when pursuing their targets – for example, at the beginning of the COVID-19 pandemic, when users were faced with a large volume of spam and phishing emails.
The new motive for cyber attacks
In 2022, however, the face of cybercrime has evolved. Attacks today are driven more by personal motives and moral beliefs than the desire for financial gain.
The aim of new attacks is to block or make it more difficult to access the victim’s data. Alexey Chuprinin, head of Application Security Softline, told the Russian business daily Kommersant that hackers “don’t just target companies capable of paying a ransom, such as industry and finance – they also target organizational structures, which can provoke public outcry.”
Immediately after the war broke out, Conti, a ransomware-as-a-service group, announced full support of the Russian government. In retaliation, a partner working from Ukraine released information about the identity of Conti members and the source code of the ransomware program.
This “allowed hacktivists to use this family of programs against organizations in Russia,” said the head of Group-IB’s digital forensic laboratory, Oleg Skulkin. It served as a means of anonymously protesting against one’s own government.
A representative of the Network Battalion 65 (NB65) ransomware group said something similar, telling Tech Novosti how a former member of the Russian group Trickbot leaked chat logs for two years as well as a variety of operational data about their group.
“We took a copy of the source code and decided it would be a good idea to use this ransomware against Russia. The irony of using Russian ransomware against Russian companies seemed like the perfect f*ck you,” he said. “It’s our way of saying, ‘Russian ship, Russian ship, this is Network Battalion 65. F*ck you!’”
The Ukrainian government welcomes this growth in hacking. Slava Banik, head of Ukraine’s IT army at the country’s Ministry of Digital Transformation, tells euronews that more than 300,000 people worldwide are using their computers to help disrupt Russia’s war effort and the everyday lives of Russian civilians.
One way to do this is to overload Russian websites with junk traffic and force them offline. It’s a tactic that even ordinary non-tech savvy citizens can fall back on, and it can be used to target Russian banks, government websites, and media.
The Ukrainian army has now organized around 3,000 IT specialists, divided into so-called digital “battalions”, who carry out cyber attacks on Russian websites on a daily basis. All actions are coordinated with the Headquarters of the Armed Forces of Ukraine in Kyiv.
War from the bedroom
In its latest report, Kaspersky Lab supports its thesis that cyber incidents are politically motivated, since only Ukrainian-made variants of encryption programs are involved in attacks on Russian resources.
One piece of malware recently discovered by experts was the Freeud wiper, developed by pro-Ukrainian backers. The ransom note sent after the program was activated states that Russian troops must leave Ukraine.
“The wording and spelling of the note suggest that it was written by a native Russian speaker,” say Kaspersky experts.
Yes, the enemy (online or offline) can be where you least expect it.