Similarity of software for attacking Ukrainian govt websites with WhiteBlackCrypt indicates provocative attempts to present Ukraine as its organizer – CERT-UA

KYIV. Jan 27 (Interfax-Ukraine) – The malware used in the process of a hacker attack on government sites in Ukraine is more than 80% identical to the fake WhiteBlackCrypt Ransom ransomware launched in March 2021, the CERT-UA government cybersecurity team said in a statement.

CERT-UA experts concluded that the WhisperKill malware is more than 80% similar to the Encrpt3d Ransomware, also known as the WhiteBlackCrypt Ransom malware, which targets English-speaking users and was active in March 2021.

CERT-UA said that the ransom message displayed by the WhiteBlackCrypt malware contains a trident, as well as the address of a Bitcoin wallet that was used by an unidentified hacker in 2019, when he reported bomb threats in buildings in Russia in order to have 120 bitcoins returned to Russian oligarch Konstantin Malofeev; the latter was involved in their theft in the history of the WEX crypto exchange.

CERT-UA also said that, because the extortionist's Bitcoin wallet has been in the public domain since 2019, anyone can use it: it is hard to imagine that real attackers would not have changed their ransom wallet for more than two years.

“Consequently, the deliberate use on January 13-14, 2022 of the WhisperKill malware, which has morphological similarities to the WhiteBlackCrypt malware, and the use of which is manipulatively associated with the Special Operations Forces of the Armed Forces of Ukraine, is an attempt at provocation and distortion of reality to accuse Ukraine of attacks on January 13 and January 14, 2022,” CERT-UA said.

CERT-UA also reported that in the first ten days of January 2022, provocative letters calling for attacks against Russia were sent to Ukrainian organizations by an unidentified person who introduced himself as the previously mentioned extortionist who reported bomb threats.

The government computer emergency response team CERT-UA continues to analyze data received from the attacked agencies in order to attribute the cyberattack.