The website for Ukraine’s energy and coal ministry was hacked Tuesday to display a message demanding a ransom paid in Bitcoin, but no other government websites or systems were affected, authorities said.
Ukrainian cyber police spokeswoman Yulia Kvitko confirmed an incident involving the federal Ministry of Energy and Coal Industry website that rendered it unreachable Tuesday, Reuters reported.
“Our specialists are working right now … We do not know how long it will take to resolve the issue,” Ms. Kvitko said in a statement.
“Ukrenergo, Energoatom — everything is OK with their sites, it’s only our site that does not work,” added the spokeswoman, referring to two national energy companies. “This case is not large-scale. If necessary, we are ready to react and help.”
The ministry’s website was compromised Tuesday to display a message that said the site’s data had been encrypted and could only be recovered if the perpetrator receives a ransom payable in Bitcoin, a hard-to-trace digital cryptocurrency.
Security researcher Chris Doman told BBC that it appeared that the ministry’s website had been breached previously, and that a second hacker recently came along and added the message requesting payment.
“What has probably happened here is that a hacktivist has hacked the site for fun, then the criminal ransomware attacker has used their back door … to try and make some money,” said Mr. Doman, a researcher at AlienValut, a security firm headquartered in Silicon Valley.
“It’s certainly true that attacks against Ukraine have impersonated ransomware before, to cover their true aim of pure destruction, and in many cases, energy companies such as this have been a prime target,” he said. “However, in this case the evidence points to something more mundane.”
Ransomware typically works by encrypting the contents of infected computers and holding that data hostage until the perpetrator receives a payment.
Computers in over 150 countries were infected in May with a strain of ransomware known as WannaCry, and more recently a ransomware infection crippled government computers in Atlanta, Georgia, disrupting city services and costing taxpayers at least $2.7 million as of last week.
NotPetya, a strain of malicious software masquerading as ransomware, infected companies in 64 nations in June, beginning with Ukraine, The Associated Press reported.
The White House blamed Russia in February with unleashing NotPetya and called the suspected state-sponsored attack “reckless and indiscriminate.” President Vladimir Putin’s spokesman subsequently denied responsibility and called the claims “unsubstantiated and groundless.”
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.