Hacker Demands Ransom; Ministry Says Personal Data of Users Secure
The website of the Ministry of Construction, Housing and Utilities of the Russian Federation was reportedly hacked and defaced on Sunday, with its title changed to the Ukrainian greeting “Slava Ukraine” or “Glory to Ukraine.”
The website currently appears to have been restored.
The alleged hacker posted a ransom note on the ministry’s website, seeking a payment in bitcoin to not publish exfiltrated data, the state-owned news agency RIA Novosti reported the same day, citing a ministry representative. The representative reportedly told the agency that personal data of all website users was protected.
The Hack Claim
The alleged hackers seek a ransom of 1 million rubles ($16,000), a local news agency reported on Sunday night. According to news agency Kommersant, the ransom note for the hack, which was likely perpetrated by the DumpForums.com team, requires the ministry to pay the ransom by Tuesday.
A review of DumpForums by Information Security Media Group shows a post by an administrator named L’s, who appears to have joined the forum on May 29, 2022. The post says: “Today, one of the participants in our forum hacked and defaced the state website of the Ministry of Construction, Housing and Communal Services of the Russian Federation.”
The post also contains what appears to be a screenshot of the alleged ransom note that was posted on the previously defaced website. Local news agency RBC says website visitors were shown this post on Sunday evening.
The message says that the personal data of users linked to the website, who include employees and citizens, has been stolen. To ensure that the data is not made public, the alleged hacker on DumpForums demanded a ransom of 0.5 bitcoin (1 million rubles or $16,000) to be paid before midnight on Tuesday to a specified cryptocurrency wallet. Failure to do so, they say, will result in the public release of the stolen data.
Data Secure, Says Russian Ministry
The website was inaccessible to the public on Sunday evening. Those who tried to access it were shown a “Maintenance in Progress” message, RBC says.
A Russian ministry spokesperson told RIA Novosti that the data theft claims were untrue, and that the data was protected.
“The personal data of our site are protected and regularly monitored, there is no threat to them, they are safe,” they reportedly told the agency.
‘Unprecedented’ Level of Cyberattacks
Since Russia’s invasion of Ukraine in February, Russian IT security teams have been contending with a record number of cyber incidents and report unprecedented cyberattacks on Russia’s networks (see: Russia Says It’s Seen ‘Unprecedented’ Level of Cyberattacks).
International hacking collective Anonymous, which has backed Ukraine, in March took responsibility for a hack on the German subsidiary of Russian energy company Rosneft. The group reportedly stole more than 20TB of data. While the hack did not affect any business operations, some of Rosneft’s systems and various processes were affected, Toby Lewis, head of threat analysis at cybersecurity firm Darktrace, told ISMG at the time (see: Anonymous Reportedly Hacked Russian Energy Firm Rosneft).
Later that month, hackers allegedly also breached infrastructure belonging to Russia’s Federal Air Transport Agency, or Rosaviatsiya, and wiped out its database and files, consisting of 65TB of data. This data included documents, files, aircraft registration data and emails from the servers (see: Hackers Target Russian Federal Air Transport Agency).
Incidents such as these bear witness to the rapid rise in the number of cyberattacks aimed at public and private entities in Russia. But Russian Deputy Foreign Minister Oleg Syromolotov in May told state-run news agency TASS that the companies in his country were secure and protected from Ukraine’s cyberattacks.
“Over the years of the anti-Russian sanctions and against the background of continued cyberattacks, we have created an information security system of our own. All kinds of unlawful action we have witnessed in the information space are well known to our experts, while Russian software has been rolled out almost in every anti-attack system,” Syromolotov told the agency.