Data-wiping attacks targeting Ukraine could spread to targets in other countries, according to the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). Following Russia’s unjustified invasion of Ukraine, the two federal agencies issued this statement in a joint cybersecurity advisory posted over the weekend.
Although the two malware variants have so far been used only against Ukrainian systems, malicious actors could unintentionally hit other targets, and US firms should be prepared to counter such destructive cyberattacks.
“Further disruptive cyberattacks on Ukrainian companies are expected to occur,” CISA and the FBI stated, “and may unintentionally spill over to entities in other countries.” “Organizations should improve their vigilance and evaluate their preparedness, detection, and response capabilities for such an incident.”
The advisory comes in the wake of malware attacks in Ukraine that used the HermeticWiper malware and ransomware decoys to wipe data on targets’ machines and leave them unbootable. Another wave of attacks, using the WhisperGate wiper masquerading as ransomware, hit Ukraine in January.
The joint advisory shares details and indicators of compromise (IOCs) for the HermeticWiper and WhisperGate malware to help enterprises detect and block it. It also offers advice and recommendations for network architecture, security baselines, continuous monitoring, and incident response.
The advisory cautions that “destructive malware can pose a direct threat to an organization’s everyday operations, affecting the availability of essential assets and data.” “Organizations should improve their vigilance and examine their capacities for such an incident, which includes planning, preparation, detection, and response.”
The following are some of the immediate countermeasures that businesses should take in the event of an attack:
The joint advisory concludes with a comprehensive list of probable distribution routes to monitor and block, as well as best practices and planning techniques. The FBI and CISA also urged companies to preserve forensic data for internal investigations and possible law enforcement inquiries, and to report any incidents that arise.