The Russian Attack on Ukraine Put U.S. Businesses at Risk

Mar 22, 2022 | Cyber Security, IT News

With the Russian invasion of Ukraine, government officials here in the U.S. are warning organizations nationwide to prepare for possible retaliation from Russia and associated cybercriminal gangs. Everyone is at risk, regardless of whether you work with the government or are part of the supply chain.

Here is a rundown of the joint alert and a summary of what all businesses and organizations need to be aware of right now.

The Nature of the Threat

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warn that data-destroying malware used against Ukraine prior to a large-scale Russian attack on the country poses a serious threat to our own. “Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data,” the U.S. agencies said in their public advisory. “Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.”

WhisperGate and HermeticWiper

In the government alert, CISA states the following:

Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.

  • On Jan. 15, 2022, the Microsoft Threat Intelligence Center disclosed that malware, known as WhisperGate, was being used to target organizations in Ukraine. According to Microsoft, WhisperGate is intended to be destructive and is designed to render targeted devices inoperable.
  • On Feb. 23, 2022, several cybersecurity researchers disclosed that malware known as HermeticWiper was being used against organizations in Ukraine. According to SentinelLabs, the malware targets Windows devices, manipulating the master boot record, which results in subsequent boot failure.

Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection and response for such an event.

How to Protect Yourself

The advisory includes several technical recommendations for organizations to keep malicious software from spreading on their systems. The areas the alert covers include best practices and planning strategies for communication flow, access control, monitoring, file distribution, system and application hardening, recovery and reconstitution planning, and incident response.

Click here to read the full set of recommendations, which we will cover in detail in our next post.

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!
