The Ukrainian Energy Ministry was hit by a ransomware attack this morning. The website runs on Drupal, and the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out yet again that patch management needs to be a top security-posture priority for government and critical infrastructure organizations.
Researchers suspect that the incident was two-pronged: first, a hacker (going by the handle “X-zakaria,” according to researchers at AlienVault quoted in a BBC report) was able to deface the website, while a second hacker then used the first actor’s backdoor to go in and encrypt the website’s files.
The website currently contains a banner written in English, demanding a ransom of 0.1 bitcoin – worth $927.86 (£664.98).
Ukrainian cyber-police spokeswoman Yulia Kvitko said the attack is an “isolated incident” and no other government websites have been affected.
This attack again shows that patch management needs to be a top priority.
Can you remove ransomware?
If you have the simplest kind of ransomware, such as a fake antivirus program or a bogus clean-up tool, you can usually remove it by following the steps in my previous malware removal guide. This procedure includes entering Windows’ Safe Mode and running an on-demand virus scanner such as Malwarebytes.
© 2018, Techrunnr. All rights reserved.