It has been reported that the Ukrainian authorities have posted information warning of a new ransomware campaign against organizations in the war-torn country. In a brief notice, the Ukrainian CERT said it had discovered phishing emails spoofed to appear as if sent from the “Press Service of the General Staff of the Armed Forces of Ukraine.”
The full story can be found here: https://www.infosecurity-magazine.com/news/ukraine-warns-of-cuba-ransomware/
Ukraine has been under a deluge of cyber attacks since the start of Russia’s invasion, and that’s not going to stop any time soon. This case is a fairly typical phishing message designed to trick the victim into downloading malware. It can be avoided by following a few simple best practices for operational security. Never click on links or messages in unsolicited emails, and always check the domain of the sender’s email address. Unfortunately, this campaign likely targeted hundreds or thousands of people, and only a fraction of them need to fall victim for the attack to be successful.
We can expect to see attacks like this to be on the rise as long as the war continues between Ukraine and Russia. While I would normally stress the importance of educating users as to the risks of clicking links and opening attachments in unsolicited emails, I know that trying to survive in a war-torn country doesn’t leave much time for educational activities. Unfortunately, for-profit hacking groups are joining in on the cyberattacks against targets in Ukraine, increasing users’ cyber risks.