Looks like Russia is hacking Ukraine. Who knew?
What is WhisperGate?
On January 15th a set of Malware dubbed ‘WhisperGate’ was reported to have been deployed against Ukraine targets. The malware is a wiper, and most of the targets being hit are military/government sites.
"This isn't ransomware, this is destruction"
While ransomware attacks generally give victims the option to pay a ransom in order to reclaim their data, the intention of this attack is to wipe the systems entirely clean.
The government of Ukraine has formally accused Russia of being behind these attacks.
3 Possible Avenues of Attack:
- WEB BREACH: CVE-2021-32648 Vulnerability in the OctoberCMS (content management system)
- LOST CREDENTIALS
- SUPPLY CHAIN: A Ukraine IT service company that helped develop these sites was also a victim
What Can We Learn From WhisperGate?
This is a test of backups. If they have any backup of their systems, they can be restored. If they don't, they're out of luck. For our purposes, we can lump this attack in with ransomware that you're not able or willing to pay. There will be 3 questions to ask:
- How good are your backups?
- Are they tried and tested?
- What's your restore point time? How long will it take you to get back and running?
Listen to the full episode to learn more.
Security This Week is a podcast for those curious about recent IT security breach events, what they mean, how they were achieved, and how to prevent similar attacks from happening to you.