Ransomware Used as Decoy in Data-wiping Attacks on Ukraine


The new data wiper malware deployed on Ukrainian networks in destructive attacks on Wednesday right before Russia invaded Ukraine earlier today was, in some cases, accompanied by a GoLang-based ransomware decoy.

“In several attacks Symantec has investigated to date, ransomware was also deployed against affected organizations at the same time as the wiper. As with the wiper, scheduled tasks were used to deploy the ransomware,” Symantec revealed today.

“It appears likely that the ransomware was used as a decoy or distraction from the wiper attacks. This has some similarities to the earlier WhisperGate wiper attacks against Ukraine, where the wiper was disguised as ransomware.”

The ransomware decoy also dropped a ransom note on compromised systems, with a political message saying that “The only thing that we learn from new elections is we learned nothing from the old!”


The ransom note instructs the victims to reach out to two email addresses (i.e., [email protected] and [email protected]) to get back their files.

Note dropped in Ukraine decoy ransomware attacks (Source: BleepingComputer)

The wiper, dubbed HermeticWiper by SentinelOne principal threat researcher Juan Andres Guerrero-Saade, was dropped in yesterday’s attacks targeting Ukrainian organizations, and it also ended up on systems outside Ukraine’s borders.

Targets that were hit by wiper attacks also included finance and government contractors from Ukraine, Latvia, and Lithuania, as Vikram Thakur, Technical Director at Symantec Threat Intelligence, told BleepingComputer.

The HermeticWiper wiper

While the cyberattacks occurred yesterday, cybersecurity firm ESET noted that the HermeticWiper malware had a compilation date of December 28th, 2021, which hints at the attacks having been planned.


Symantec found evidence of attackers gaining access to victims’ networks well in advance by exploiting Microsoft Exchange vulnerabilities as early as November 2021 and installing web shells before deploying the wiper malware.

For instance, “an organization in Lithuania was compromised from at least November 12, 2021, onwards,” Symantec said.

The wiper malware uses EaseUS Partition Manager drivers to corrupt compromised devices’ files before rebooting the computer. As security researcher Silas Cutler found, the data wiper also trashes the device’s Master Boot Record, rendering all infected devices unbootable.

This was the second data wiper used against Ukrainian networks since the start of the year. As Microsoft disclosed in January, a destructive data-wiping malware dubbed WhisperGate and camouflaged as ransomware was used in attacks targeting Ukrainian organizations.

Just like HermeticWiper, WhisperGate was used to corrupt files and wipe compromised devices’ Master Boot Records, making it impossible to boot into the operating system or access files stored on the hard drive.

No attribution for yesterday’s attacks on Ukraine, yet

Yesterday’s malware attacks came together with DDoS attacks against Ukrainian government agencies and state-owned banks, similar to last week’s DDoS disruptions that affected Ukrainian government sites and banks.

While the Wednesday attacks have not been attributed, the White House linked last week’s DDoS attacks to Russia’s Main Directorate of the General Staff of the Armed Forces (also known as GRU).

Data wipers have also been a tool often used by Russian state-sponsored hacking groups in the past. A wiper attack that hit thousands of Ukrainian businesses with the NotPetya ransomware in 2017 was linked by the US three years later to Russian GRU hackers.

In 2020, Russian GRU hackers believed to be part of the elite Russian hacking group known as Sandworm were formally indicted by the US for the NotPetya attacks.

This month’s DDoS and malware attacks follow a press release from Ukraine’s Security Service (SSU) saying that the country is the target of a “massive wave of hybrid warfare.”
