New York, Jan 16 (EFE).- Microsoft has detected a malware operation aimed at government and private computer networks in Ukraine that could render them “inoperable,” thus posing an elevated risk, according to a report that was published late on Saturday and that The New York Times reported on Sunday.
The Microsoft Threat Intelligence Center (MSTIC) on Thursday for the first time identified the malware, which is similar to ransomware but appears to be designed to be destructive and to render the affected computers unusable rather than to extort a “ransom” from the target in exchange for the restoration of computer functions by the attacker.
“These actions represent an elevated risk to any government agency, non-profit or enterprise located or with systems in Ukraine,” MSTIC said in a blog post late on Saturday.
“We strongly encourage all organizations to immediately conduct a thorough investigation and to implement defenses,” MSTIC added.
Microsoft security expert Tom Burt said on the corporate blog that among the victims of the malware that is being investigated are government agencies linked to the Ukrainian executive and emergency branches, along with a firm that manages Web pages for public and private sector customers.
“We’ve observed destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government,” said Burt, adding, “The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable.”
Ukraine on Friday reported a massive cyberattack on 70 different Web pages, including government agencies – such as the Cabinet of Ministries, the Foreign Ministry and the Emergency Situations Service – all of which were at least temporarily put out of service, and Kiev has said that the attack appeared to have a Russian footprint.
Nevertheless, Microsoft, which has not ruled out that more systems could be affected by the attack, has not managed to identify who is behind the huge hacking operation because its characteristics do not correspond to the activities of “other known groups.”
The malware attack against Ukraine overwrites the portion of a computer’s hard drive that tells the computer how to load its operating system and replaces it with a “ransom” note, MSTIC said. Within the ransom note is a Bitcoin wallet and an account identifier but neither of these has been previously observed or identified by Microsoft, the threat center added.
However, according to MSTIC, the ransom note is merely a ruse and the malware destroys the computer’s hard drive and all the files it targets, and thus it does not appear to be a bona fide ransomware attack but rather one designed to simply wipe out computer systems.
Meanwhile, US President Joe Biden’s national security adviser, Jake Sullivan, promised on Sunday that there will be reprisals if it is confirmed that Russia was behind the cyberattack, as Kiev claims.
A few hours after the Ukrainian government said that “all evidence” points to the conclusion that Moscow orchestrated the attack, Sullivan sidestepped confirming that but said that Washington is still working to identify whoever was responsible for the strike.
He told CBS News that if Russia is found to have been the attacker, and if this behavior continues, the US will work with Washington’s allies to implement an “appropriate” response.
The New York Times said that the malware identified by Microsoft could have been deployed on the same date as the breakdown in talks among Russia, the US and NATO regarding the massive buildup of Russian troops along its border with Ukraine.
The US and NATO had been meeting with Kremlin representatives in an attempt to avert a potential Russian invasion of Ukraine, which is not a member of NATO and regarding which Moscow has said it wants Western assurances that it will never join the security alliance.
Moscow annexed Ukraine’s Crimean Peninsula in 2014 and has backed separatist forces within a portion of eastern Ukraine since that time. Hostilities there have waxed and waned over the past 7 years and have resulted in some 14,000 deaths.