Cyberattack in Ukraine Targets Government Websites, Surely Won’t be the Last.

Ukraine, Kyiv— Officials say a cyberattack made a number of Ukrainian government websites momentarily unavailable on Friday.

While it was unclear who was to blame, the outage occurred amid rising tensions with Russia and after discussions between Moscow and the West failed to achieve major results this week.

“It is too early to identify who was behind it,” Ukrainian Foreign Ministry spokesman Oleg Nikolenko told The Associated Press, “but there is a long record of Russian cyber assaults against Ukraine in the past.”

Moscow had previously denied any involvement in Ukraine’s cyberattacks.

According to Victor Zhora, deputy chair of the State Service of Special Communication and Information Protection, the attack targeted over 70 websites of both national and regional government agencies, but no essential infrastructure was harmed and no personal data was accessed.

According to Oleh Derevianko, a top private sector expert and founder of the ISSP cybersecurity firm, the hack amounted to a straightforward defacement of official websites. The hackers gained access to a content management system that they all use, but “didn’t gain access to the websites themselves,” according to the report.

According to Derevianko, the fundamental question is whether this is a stand-alone hacktivist attack by “patriotic” Russian freelancers or part of a broader state-sponsored operation.

Ukrainians’ personal data was allegedly put online and destroyed, according to a message sent by the hackers in Russian, Ukrainian, and Polish. “Be afraid and expect the worst,” it warned Ukrainians. Poland’s government responded with a statement claiming that Russia has a history of similar disinformation tactics and that the Polish in the message was clearly not from a native speaker.

Tensions between Ukraine and Russia have been high in recent months, with Moscow’s massing of 100,000 troops along Ukraine’s border.

In light of the cyberattacks, NATO Secretary-General Jens Stoltenberg said Friday that the alliance will continue to provide “strong political and practical support” to Ukraine.

In a statement, NATO Secretary General Jens Stoltenberg said, “NATO and Ukraine will sign an agreement on enhanced cyber cooperation in the coming days.”

Russia has a lengthy history of cyberattacks against Ukraine, including nearly destabilizing the country’s national elections in 2014 and briefly knocking out parts of its power grid in the winters of 2015 and 2016. The NotPetya virus, which targeted Ukrainian firms and caused more than $10 billion in damage internationally, was released by Russia in 2017 and was one of the most catastrophic cyberattacks on record.

Since then, Ukrainian cyber experts have been bolstering vital infrastructure defenses. Russian attacks on the electricity system, train network, and central bank, according to Zhora, are of special concern to officials.

According to experts, the prospect of another hack is serious because it would allow Russian President Vladimir Putin to destabilize Ukraine and other ex-Soviet nations that want to join NATO without fully committing troops on ground.

In an interview with the AP last week, Tim Conway, a cybersecurity lecturer at the SANS Institute, said, “If you’re trying to use it as a stage and a deterrent to stop people from moving forward with NATO consideration or other things, cyber is perfect,”

Last month, Conway was in Ukraine, simulating a cyberattack on Ukraine’s energy sector. Through institutions like the Department of Energy and USAID, the US has been assisting Ukraine in strengthening its cyber defenses.

In a separate project, Members of the REvil ransomware gang, which was behind last year’s Fourth of July weekend supply-chain attack targeting the Florida-based software firm Kaseya, were detained by Russia’s Federal Security Service, or FSB, on Friday. More than 1,000 businesses and government entities around the world were harmed as a result of the attack.

The FSB claimed that the gang had been dissolved, but REvil had virtually disbanded by July. According to cybersecurity specialists, the group’s members mostly joined other ransomware groups. They questioned whether the arrests would have a significant influence on Russian-speaking ransomware gangs, whose operations have only modestly slowed after a series of high-profile attacks on important U.S. infrastructure, like the Colonial Pipeline, last year.

The FSB claimed it raided the houses of 14 members of the gang and seized over 426 million rubles ($5.6 million) in cryptocurrencies, computers, crypto wallets, and 20 expensive cars “purchased with money earned through illicit means.” All of those arrested have been charged with “illegal circulation of means of payment,” a crime that carries a maximum sentence of six years in jail. The suspects have not been identified.

According to the FSB, the operation was carried out at the request of US authorities, who had denounced the group’s commander to Moscow officials. It’s the first major public step by Russian authorities since US Vice President Joe Biden urged Putin last year that his country needs to crack down on ransomware criminals.

Experts say it’s too early to tell whether the arrests are part of a larger Kremlin crackdown on ransomware offenders, or whether they’re merely a haphazard effort to satisfy the White House.

Bill Siegel, CEO of ransomware response service Coveware, said he’ll be waiting to see how long those arrested are sentenced to prison. “The follow-through on sentencing will send the strongest signal one way or another as to IF there has truly been a change in how tolerant Russia will be in the future to cyber criminals,” he added via email.

While the arrests follow a pattern of Kremlin pressure on ransomware criminals—including in some cases forcing them to hand over decryption keys—those arrested could simply be low-level affiliates, not the core group that managed the data-scrambling malware, according to Yelisey Boguslavskiy, research director at Advanced Intelligence. According to him, the REvil syndicate also allegedly ripped off several associates, giving it adversaries in the criminal underworld.

REvil’s attacks destroyed tens of thousands of machines around the world and netted at least $200 million in ransom payments, according to Attorney General Merrick Garland, who announced charges against two of the gang’s members in November.

Attacks like these drew a lot of attention from law enforcement officials all over the world. In November, the US filed accusations against two affiliates, just hours after European law enforcement officials unveiled the findings of a 17-nation investigation. Since February, seven hackers related to REvil and another ransomware family have been detained as part of the operation, according to Europol.

Last year, the Associated Press reported that US officials gave a small number of names of suspected ransomware operators with Russian officials, who indicated they were looking into it.

“Whatever Russia’s motivations may be,” Brett Callow, a ransomware analyst at cybersecurity firm Emsisoft, said the arrests would “certainly send shockwaves through the cybercrime community. The gang’s former affiliates and business associates will invariably be concerned about the implications.”

This is only the beginning of a tsunami of cyber infrastructure being prodded at as people inevitably test their skills behind a computer in light of global political unrest. The truth is, cyber security is a cat and mouse game. Vulnerabilities are inherent in these complex systems because they’re built for the end user, and not to prevent people from snooping around in the back end. Most of the cyber infrastructure currently in place could be considered practically naked in terms of cyber security because there are so many ways to exploit data. Why else would China go crazy for data like the leprechaun hoarding lucky charms in the old commercials? It’s valuable and its available; There’s a market for it, and you’re the product. Our complex way of life as a civilization has inadvertently created multiple back doors to be exploited by people more tech savvy than the rest of us. Technology related vulnerabilities can be expected to be magnified and exploited in the coming years for various reasons; political or criminally motivated. Stay inquisitive in the word of God, and the world around you.