
Ukraine Cyberattack Wasn't Really About Ransom, Security Experts Say

Cash machines in a supermarket in Kiev weren't working on Wednesday after a cyberattack paralyzed computers in Ukraine and elsewhere. Victims included government offices, energy companies, banks and gas stations.
Efrem Lukatsky / AP

A deeper look at the virus that struck computers in Ukraine and elsewhere this week has shown that what initially looked like ransomware was in fact a type of malware called a "wiper." Rather than extorting money, its goal was to erase victims' hard drives, disrupt their business and misdirect suspicions about the attacker's identity, according to The Washington Post and other media reports.

Victims of the cyberattack saw a screen asking them to pay $300 in bitcoin for a key to unlock their computer – the same ploy used by the WannaCry ransomware that hit computers in more than 150 countries in May.

But security experts say this attack was different.

"It definitely wasn't ransomware and wasn't financially motivated," Jake Williams, founder of cybersecurity firm Rendition Infosec, tells the Post. "The goal was to cause disruption in computer networks."

Likewise, Matt Suiche, founder of cybersecurity firm Comae Technologies, writes on his website, "The goal of a wiper is to destroy and damage ... Different intent. Different motive. Different narrative."

Suiche says the perpetrator wanted to disguise the intent of the attack. "We believe the ransomware was in fact a lure to control the media narrative," Suiche writes, "... to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as Shamoon."

Still, Reuters says Ukrainian politicians blamed Russia for the attack, even as a Kremlin spokesman dismissed "unfounded blanket accusations."

The news agency says security researchers believe one goal of the attack was to put malware onto computers in government and commercial offices in Ukraine, perhaps in preparation for future sabotage.

In the short term, The New York Times says, the attack may have been aimed at shutting down Ukraine's computer systems. The malware appeared on the eve of a holiday celebrating the country's independence and initially targeted an unlikely group: tax accountants. The Times says many of them use Ukrainian-made software that runs on computers using Microsoft Windows and was recently updated. Microsoft said in a statement it has evidence that some of the ransomware infections started in the updating process.

Experts believe the attackers would have known they could get in through the update, the newspaper adds.

The attack paralyzed thousands of computers, shut down ports, factories and offices and spread to about 60 countries, Reuters says.

A second cyberattack hit Ukraine's state power distributor, Ukrenergo, on Thursday, but didn't affect the nation's power network, according to the news service.

Danish shipping giant A.P. Maersk-Moller was hit hard by the spread of the malware this week, but said Friday its operations are almost back to normal, The Associated Press reports.

As for those still wondering if they should pay the ransom to restore their computers, Suiche notes, "The payment email address isn't accessible anymore if victims would happen to send payments."

Copyright 2021 NPR. To see more, visit https://www.npr.org.

Kathy Goldgeier
Kathy Goldgeier is NPR's Network Hub Content Manager. She is part of a team reimagining the collaboration between NPR and Member stations. She works closely with the regional news hubs that bring stations together to share resources, coordinate coverage and reach new audiences.