The data of several Ukrainian government agencies is erased in a cyberattack

The cyberattack comes as Kiev prepares for a possible invasion by Russia, which has nearly 100,000 troops massed on its border with Ukraine.

The presence of destructive malware on dozens of computers belonging to several Ukrainian government agencies was first reported by Microsoft in a blog post on Saturday evening. This malware, which Microsoft dubbed WhisperGate, “has been registered in several institutions that fell victim to the attack,” Ukraine’s State Service for Special Communications and Information Protection said in a statement on Tuesday. .

“Thus, with a high probability, it can be said that defacing the websites of the government agencies under attack and destroying data using a windshield wiper are components of a cyber attack aimed at causing damage as much as the state’s electronic resource infrastructure as possible,” the agency said.

On Sunday, Ukraine’s Ministry of Digital Transformation issued a statement about the website downgrades. “To date, it can be said that all the evidence points to Russia being behind the cyberattack,” the statement said. “Moscow continues to wage hybrid warfare and is actively building up its forces in information and cyberspace.”

The hack that defaced Ukrainian government agencies and other organizations’ websites on Friday came with the ominous message: “Be afraid and expect the worst.”

Agencies whose computer disks were erased were providing “essential executive branch or emergency response functions,” Tom Burt, Microsoft vice president of security and customer trust, said in a blog post. separated on Saturday.

The malware is not known to have infected energy networks or other critical infrastructure, or military command and control systems. But losing the use of computer systems in a security crisis is a concern, said officials, who have not yet determined how the malware was deposited on the systems.

Microsoft’s Threat Intelligence Center said in its blog post that once the malware is activated, it overwrites the contents of the computer’s “master boot record”, or the part of the hard drive without which the operating system will not work.

Once this happens, the computer is essentially unusable. Restoring functionality can be expensive and time-consuming.

WhisperGate posed as ransomware. Once activated, and the computer turned off and on again, a fake ransom note appeared warning that the user’s hard drive had been corrupted and demanding $10,000 via bitcoin to restore it.

But the ransom note was a ruse, Microsoft said.

Yurii Shchyhol, head of Ukraine’s State Service of Special Communications and Information Protection, said in an interview on Tuesday that he expects agencies to be able to restore their data to from backups. Work should be completed by Wednesday, he said.

One of the agencies affected, he said, was the Automobile Insurance Bureau.

Shchyhol said Ukraine’s cyber emergency response team went into action at 3:50 a.m. Friday when the website downgrades were first detected.

He said the team coordinated with the Cybersecurity and Infrastructure Security Agency of the US Department of Homeland Security.

Stern reported from Kiev.

Ashley C. Reynolds