Groundwork for cyberattacks on Ukraine began last year, ransomware was potential decoy: Symantec

Destructive cyberattacks against Ukraine this week ahead of Russia’s invasion were made possible by digital intrusions starting last year, according to cybersecurity company Symantec. The company said ransomware is used as a decoy in such attacks.

Ransomware from Russian-linked cybercriminal gangs hammered American computer networks in 2021. Symantec’s Threat Hunter Team said Thursday that the kinds of attacks hitting Ukraine now have previously used ransomware as a distraction from its more destructive malware.

“Initial indications suggest that the attacks may have been in preparation for some time,” Symantec said on the company’s blog. “Temporal evidence points to potentially related malicious activity beginning as early as November 2021.”

Malware was discovered on hundreds of machines in Ukraine on Wednesday by the cybersecurity firm ESET after several official Ukrainian government websites went dark earlier in the day. Symantec said Thursday that disk-wiping malware was deployed ahead of the Russian invasion into Ukraine against organizations in the aviation, defense, financial and information technology sectors.

Symantec said it has evidence that an organization in Lithuania, a NATO member country, was compromised in November 2021 and an organization in Ukraine was compromised in December 2021. Symantec said it is still working to verify all of its findings.

The potential for the cyberattacks to spread in Europe and America has the chairman of the Senate Intelligence Committee warning of a larger potential cyberwar. Sen. Mark Warner, Virginia Democrat, told Axios that malware unleashed in Ukraine is unlikely to stay within that country’s borders and would most likely affect adjacent nations such as Poland but may spread to America and Britain.

“It suddenly gets into a gray area about, what would the Polish people’s reaction be? What would NATO’s reaction be?” Mr. Warner said. “What would America’s reaction be? Nobody’s physically shot at [American troops], but they could be in harm’s way.”

Mr. Warner told Axios a cyberwar could draw in NATO countries if cyberattacks inside Ukraine deployed by Russian President Vladimir Putin spiral out of control to NATO member states or if the Russian president orders cyberattacks against infrastructure in the U.S. and NATO countries in response to new sanctions from the Biden administration and countries allied with America.