VB2017: Battlefield Ukraine

This summer, Ukraine unwillingly became the battlefield of the hacker group(s) with the supposedly Russian roots and the antivirus industry. This is not the first time when Ukraine attracts attention of cyber security experts. Suffice it to recall in this regard the several waves of cyber attacks against critical infrastructure of Ukraine using the BlackEnergy [1] and Industroyer [2,3] industrial malware supposedly created by a Russian hacker group.

XData ransomware attacked users in Ukraine

On May 18, the author(s) of XData ransomware ran the massive attack against Ukrainian users supposedly leveraging the EternalBlue exploit as well as an ordinary spearphishing email delivery method. A week later, an anonymous user, supposedly the author of AES-NI ransomware the XData is based on, released the master private key. Currently, the XData decryption tools are available. We analysed the XData code and found two host-based 'kill-switches', one of them is about detecting an antivirus running on an infected machine.