It seems that even Ukrainians have gotten used to the fact that no matter which ransomware removal tools their Energy Ministry uses, it’ll end up being subject to another ransomware attack sooner or later. This was never more apparent than in the recent ransomware attack that exploited a Drupal vulnerability in the Ukrainian Energy Ministry’s online services. According to a statement, efforts are under way to remove the ransomware, but there seems to be an underlying belief that this will be a momentary rather than an enduring solution.
The silver lining in this attack is that it seems to be the work of amateurs rather than a professional hacking group with a clear agenda. It took the ransomware removal tools some hours, but they were able to keep the ransomware from spreading. There are suspicions that these amateur hackers unleashed this latest attack as both a prank and a reminder of how woeful the Ukrainian Energy Ministry’s cyber security is.
The Ministry has been subjected to several ransomware attacks ever since a dispute broke out between Russia and Ukraine over the forced annexation of Crimea in 2014. Since then there have been hundreds of attacks on the Ministry’s website that have often led to the loss of important data.
The most serious of these attacks came in late 2016 and early 2017, when multiple ransomware strains such as BlackEnergy, Bad Rabbit and Petya crippled the ministry. Multiple attempts to remove the ransomware were thwarted, and the conventional ransomware removal tools proved utterly incapable of countering the attack.
Those attacks were financially motivated: important documents and sensitive government files were encrypted, and various payments were demanded as a result. When the perpetrators’ demands were not met, another ransomware attack by the name of ExPetr was unleashed, which spread to other government agencies as well. These attacks initially defaced the entire website, while a second attack completely encrypted the files and posted a ransom note that demanded 0.1 Bitcoin.
As mentioned earlier, ransomware removal tools proved impotent against these attacks, and the agency lacks a proper strategy for removing ransomware of this nature.