The war in Ukraine is not just being fought on the ground. The battle for dominance increasingly happens on the digital field, where a worldwide network of cyber-soldiers conducts attacks to disrupt Russia's war effort, from the outside and inside too.
Since the beginning of the war in Ukraine, Russian and Ukrainian hackers have been fighting tit for tat on what we can call the "digital front line." To quantify the firepower involved, the number of ransomware attacks on Russian companies has tripled since Feb. 28, according to Kaspersky Lab, a Russian multinational cybersecurity firm that found a direct link between the uptick in online targeting and the outbreak of military conflict in Ukraine.
At the same time, developers of information security solutions such as Fortinet, ESET, Avast and NortonLifeLock Inc. have left the Russian market, making it harder for companies to protect themselves against external attack.
Earning cash through online ransoms and blackmail has often served as the motivation for carrying out cyberattacks. But prior to the war, cybercriminals had tended to keep news headlines in mind when going after their targets — for example, at the beginning of the COVID-19 pandemic, when users were faced with a large amount of spam and phishing emails.
The new motive for cyberattacks
In 2022, however, the face of cybercrime has evolved. Attacks are now driven more by personal motives and moral convictions than by a desire for financial gain.
The goal of new attacks is to block or complicate access to the victim’s data. Alexey Chuprinin, head of Application Security Softline, tells Russian business daily Kommersant that hackers are “not only targeting companies that are capable of paying a ransom, for example industry and finance — they are also targeting organizational structures, which can cause a public outcry.”
Immediately after the outbreak of war, Conti, a ransomware-as-a-service group, announced unequivocal support for the Russian government. In retaliation, a partner working from Ukraine posted information about the identities of Conti members, as well as the source code of the ransomware program.
This “allowed hacktivists to use this family of programs against organizations in Russia,” said the head of the Group-IB digital forensics laboratory, Oleg Skulkin. It served as a means to protest against their own government anonymously.
Similarly, a representative of the ransomware group Network Battalion 65 (NB65) told Tech Novosti how a former member of the Russian group Trickbot leaked two years of chat logs as well as a host of operational data regarding their group.
“We took a copy of the source code and decided that it would be a good idea to use this ransomware against Russia. The irony of using Russian ransomware against Russian companies seemed like the perfect 'f*ck you,'" he said. "This is our way of saying 'Russian ship, Russian ship, this is Network Battalion 65. F*ck you!'"
The Ukrainian government is welcoming this growth in hacking. Slava Banik, head of the IT Army Of Ukraine at the country's Ministry of Digital Transformation, tells Euronews that more than 300,000 people worldwide are using their computers to help disrupt Russia’s war efforts, as well as the everyday lives of Russian civilians.
One way of doing this is to overload Russian websites with junk traffic, forcing them offline. It is a tactic that even ordinary non-tech-savvy citizens can resort to, and it can be used to target Russian banks, governmental websites and media.
Meanwhile, the Ukrainian army has grouped together around 3,000 IT specialists, divided in so-called digital "battalions," who carry out cyberattacks on Russian websites every day. All actions are coordinated with the main headquarters of the Armed Forces of Ukraine in Kyiv.
War from the bedroom
In its latest report, Kaspersky Lab backs its thesis that cyber-incidents are politically motivated, as variants of encryption programs that are made exclusively in Ukraine are involved in attacks on Russian resources.
One piece of malware recently discovered by experts was the Freeud wiper, developed by pro-Ukrainian supporters. The ransom note sent after activating the program states that Russian troops must leave Ukraine.
“The choice of words and the way the note is written suggest that it was written by a native Russian speaker,” Kaspersky experts say.
Yes, the enemy (on or offline) can be where you least expect him.