Ontario IT Services and IT Support

The digital war between Russia and Ukraine

The conflict in Ukraine and Russia continues with both countries wanting to win. Ukraine wants to regain control of their country, and Russia wants to maintain its dominance over neighboring countries.

But what happens when the war extends beyond the field?

The ruling parties in both countries are trying to gain more internet control over their citizens, this translates into control over information and advantage in battles. This has already caused some countries to ban their content from Russia; in turn, Russia has done its best to leave Ukraine without Internet.

A digital war such as this is unprecedented. This war unfolds in an entirely different way than most. The war has developed many different branches, causing extensive financial losses, cyberattacks and miscommunication on all sides.

Wiper, the Russia’s ultimate digital weapon

Researchers have discovered a new type of destructive malware affecting computers in Ukraine, making it at least the third line to infect Ukrainian systems since the Russian invasion began.

The malware, called CaddyWiper, was discovered by researchers at Slovakia-based cybersecurity firm ESET, who shared details in a tweet thread posted Monday.

According to the researchers, the malware deletes user data and partition information from all drives connected to a compromised device. Sample code shared on Twitter shows that the malware corrupts files on the device by overwriting them with empty byte characters, rendering them unrecoverable.

A clean attack with total losses

 CaddyWiper-the-ultimate-malware-used-by-Russia-to-attack-Ukraine's-computers
Russia aims to permanently deletes Ukraine’s data.

Jean-Ian Boutin, head of threat research at ESET, told The Verge: “We know that if the wiper works, it will effectively render the system useless. However, it is unclear at this point what is the overall impact of this attack.”

So far, Boutin said, the number of cases in the wild appears to be low, and ESET’s study noted that CaddyWiper is targeting a single organization.

ESET’s research uncovered two other ways to remove malware targeting computers in Ukraine. The first line, which the researchers called HermeticWiper, was discovered on February 23, a day before Russia began its military invasion of Ukraine. Another wiper called IsaacWiper was released in Ukraine on February 24.

However, the timeline shared by ESET shows that IsaacWiper and HermeticWiper were in development for months before the release.

Ransomware or Malware?

Wiper programs share a few similarities with ransomware related to their ability to access and modify files on a compromised system, but unlike ransomware, which encrypts data on a disk until the deployment fee is paid by an attacker, wipers permanently delete disk data and there is no way to restore it.

This means that the malware target leads only to damage the target instead of extracting any financial reward for the attacker.

While pro-Russia hackers use malicious software to destroy data on Ukrainian computer systems, some hackers supporting Ukraine are implementing the opposite method, leaking the data of Russian companies and government agencies.

In general, Cyberwarfare has been largely failed at the time of Russian-Ukrainian hosting, but the biggest attacks are still in stores. In the United States, the Cybersecurity and Infrastructure Agency (CISA) has provided insights to organizations that may be affected by the same type of malware used in Ukraine.

Starlink to the rescue of Ukraine

Elom-Musk-delivers-Starlink-internet-service-to-Ukraine
Just after Mykhailo Fedorov, Ukraine’s minister of digital transformation, called out Elon Musk via Twitter for help, the SpaceX’s CEO quickly answered to the request delivering Starlink internet service for Ukraine.

Starlink, the application that allows mobile users to reach SpaceX’s satellite internet services with the same name, is already the most downloaded app in Ukraine since March 14, after peaking on March 13, according to data observed by Wall Street Journal, following SpaceX’s CEO Elon Musk’s fast deliver of the terminals that provide the internet service.

According to Sensor Tower, a company that provides Google Play and App Store data, the app was downloaded 21,000 times worldwide only on March 13, with most downloads coming from Ukraine. This representing the most global installs in just one day.

This app was downloaded around 100,000 times in Ukraine according to Sensor Tower data, with more global downloads than tripling in the past two weeks.

Starlink became available in Ukraine just a few days after Russia invaded the country, in an historical move after Ukraine’s minister of digital transformation, Mykhailo Fedorov, called out Elon Musk via Twitter to supply the country with the terminal stations that enables the internet service – this requirement was quickly answered by Musk.

Conclusion

This blog post has outlined the importance of digital security and how it has changed in the modern world. A clean attack with total losses is what we often see in the now days digital world. The war between Russia and Ukraine is a perfect example of this, as both countries have been embroiled in a war of misinformation and cyberattacks.

It’s easy to understand why there is a digital war occurring between these two countries. Both sides need the internet to function and profit from the connections they have. This digital war isn’t going away, so it is important that both sides keep up with the cybersecurity.

The truth is that we must be prepared for cyberattacks to spread to other countries (that might be considered one or other side allies), so it is time to prevent data loss and compromise our own security by reinforcing our cybersecurity and that of our companies.

You might be interested in:

The 12 most in demand jobs this 2022

5 ways to protect your business from cyberattacks

Oh! You have a data breach. Do your backups really work?