Skip to main content

Another Hackers Group Novel RURansom wiper targets Russia, motives revealed in the code.

 



Initially suspected to be a strain of ransomware, the RURansom malware appears to be a wiper targeting Russia over Moscow's war against Ukraine.

Researchers at Trend Micro claim that the novel RURansom malware is not what it seems. First thought to be a new strain of ransomware, as the name implies, the authors of the bug seem to have motives beyond financial gain.

According to security researchers, no active targets have been seen so far. However, that can be due to the wiper targeting specific entities in Russia.

The authors of the malware do not hide their reasons for spreading the malware. The RURansom code variable responsible for the ransom note contains a message.

"On February 24, President Vladimir Putin declared war on Ukraine. To counter this, I, the creator of RU_Ransom, created this malware to harm Russia. You bought this for yourself, Mr. President. There is no way to decrypt your files. No payment, only damage," reads the note in Russian.

Trend Micro claims that the malware was written in the .NET programming language. The worm spreads by copying itself under the file name in Russian "Russia-Ukraine war update."

The file copies itself to all removable disks and mapped network shares, trying to reach maximum impact.

Once the deployment is complete, the malware encrypts the files. No files are spared the encryption. While .bak files are not encrypted, the malware proceeds to delete them.

The encryption algorithm assigns a random encryption key to each file. Since the keys are not stored anywhere, there's no way to decrypt the files, making the malware a wiper and not ransomware.

According to researchers, some versions of the malware first check if the user's IP address is in Russia.

"In cases where the software is launched outside of Russia, these versions will stop execution, showing a conscious effort to target only Russian-based computers," claim authors of the report.

Wiper warfare

It is not the first time a wiper malware was deployed in this conflict. Security researchersobserved a disk-wiping malware deployed in Ukraine shortly before Russian forces invaded.

The wiper contains driver files that eventually damage the Master Boot Record (MBR) of the infected computer, rendering it inoperable.

According to Crowdstrike, the attackers misused legitimate EaseUS Partition Master drivers to gain raw disk access and manipulate the disk to make the system inoperable.

Ukraine-refugees-crossing
Refugees fleeing Ukraine.

The wiper was dubbed HermeticWiper since the malware's certificate was issued to Hermetica Digital Ltd., a legitimate Cyprus-based company. Other researchers named the novel malware 'DriveSlayer.'

CISA released an advisory on the malware that targeted organizations in Ukraine, with recommendations and strategies to prepare for and respond to the threat.

Security researchers fleeing Ukraine later saidthat the wiper malware was used to disrupt refugees escaping the war in Ukraine, forcing officials to fall back to using pen and paper.

Russian invasion

On the night of February 24, Russian forces invaded Ukraine. In light of the attack, the hacker community started rallying to help Ukrainians.

With Anonymous being the most prominent one, numerous hacker groups and researchers partake in various campaigns to help Ukraine. 

Cyber activists targeted Russian state-controlled media outlets TASS, Kommersant, Izvestia, Fontanka, and RBC, pushing them offline.

An unknown group has set up a website tool that allows people to participate in distributed denial of service (DDoS) attacks against Russian websites that it claims are spreading disinformation.

Others created an 'anti-war hotline' that allows Russian speakers and expats from around the world to call citizens and inform of the atrocities being committed in their name by Vladimir Putin in Ukraine.

Additionally, cybersecurity firms are urgingordinary civilians to join the cyberwar by means of an app that allows them to attack Russian websites spreading disinformation.

Numerous IT-related services got blocked or left the Russian market after the invasion.

According to the United Nations, over 2 million people have fled Ukraine to neighboring counties, while thousands of civilians have perished amidst the fighting.


Comments

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed

How to Host a Website for Free From Your PC or Laptop.

Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c...

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.