Ransomware infects Ukraine energy ministry website

Hackers have used ransomware to take the website of Ukraine’s energy ministry offline and encrypt its files.

The website currently contains a message written in English, demanding a ransom of 0.1 bitcoin – worth $927.86 (£664.98) by today’s exchange rate.

Ukranian cyber-police spokeswoman Yulia Kvitko said the attack is an “isolated incident” and no other government websites have been affected.

She added that the energy ministry’s email system was still up and running.

“This case is not large-scale. If necessary, we are ready to react and help,” said Ms Kvitko.

“Our specialists are working right now… We do not know how long it will take to resolve the issue.”

Hacker ‘opportunists’

According to cyber-security research firm AlienVault, the hackers behind this cyber-attack have previously compromised other websites, but they have only made about £100 from their efforts.

AlienVault believes the energy ministry website has been attacked by two different hackers – the first hacker, who signs his name “X-zakaria” at the bottom of the webpage, merely defaced the website.

The security firm believes that a second hacker then came along, encrypted the website’s files, and added a ransomware screen and payment details.

“What has probably happened here is that a hacktivist has hacked the site for fun, then the criminal ransomware attacker has used their backdoor, which you can see at the bottom of the page, to try and make some money,” AlienVault security researcher Chris Doman told the BBC.

He said that it was likely that these hackers were amateurs, rather than nation state attackers.

“It’s certainly true that attacks against Ukraine have impersonated ransomware before, to cover their true aim of pure destruction, and in many cases, energy companies such as this have been a prime target,” said Mr Doman.

“However, in this case the evidence points to something more mundane.”

Source: bbc.com