Hacker demands ransom; Ministry says users’ personal data is secure
Mihir Bagwe (MihirBagwe)
June 6, 2022
The website of the Ministry of Construction, Housing and Utilities of the Russian Federation was reportedly hacked and defaced on Sunday, with its title replaced with the Ukrainian greeting “Slava Ukraini” or “Glory to Ukraine”.
The website currently appears to have been restored.
The suspected hacker posted a ransom note on the ministry’s website, demanding payment in bitcoins for not releasing exfiltrated data, state news agency RIA Novosti reported the same day, citing a ministry official. The representative reportedly told the agency that the personal data of all website users was protected.
The hacker’s demand
The suspected hackers are demanding a ransom of 1 million rubles ($16,000), a local news agency reported Sunday evening. The ransom note, from a hack likely carried out by the DumpForums.com team, requires the ministry to pay the ransom by Tuesday, according to the news agency Kommersant.
A review of DumpForums by Information Security Media Group shows a post from an administrator named L’s, who appears to have joined the forum on May 29, 2022. The post reads: “Today one of our forum participants hacked and degraded the state website of the Ministry of Construction, Housing and Communal Services of the Russian Federation.”
The message also contains what appears to be a screenshot of the alleged ransom note that was posted on the previously defaced website. Local news agency RBC says website visitors saw this post on Sunday night.
The message states that the personal data of users linked to the website, which includes employees and citizens, has been stolen. To ensure the data is not made public, the suspected hacker on DumpForums demanded a ransom of 0.5 bitcoin (1 million rubles or $16,000) to be paid by midnight Tuesday to a specified cryptocurrency wallet. Failure to do so, they say, will result in the publication of the stolen data.
Data secure, says Russian ministry
The site was inaccessible to the public on Sunday evening. Those who tried to access it received a “Maintenance in progress” message, says RBC.
A spokesperson for the Russian ministry told RIA Novosti that the data theft allegations were false and the data was protected.
“Personal data on our site is protected and regularly checked, there is no threat to it, it is safe,” they reportedly told the agency.
“Unprecedented” level of cyberattacks
Since Russia’s invasion of Ukraine in February, Russian computer security teams have faced a record number of cyber incidents and report unprecedented cyberattacks on Russian networks (see: Russia says it has seen ‘unprecedented’ level of cyberattacks).
The international hacking collective Anonymous, which has supported Ukraine, took responsibility in March for a hack of the German subsidiary of the Russian energy company Rosneft. The group allegedly stole more than 20 TB of data. Although the hack did not affect any business operations, some of Rosneft’s systems and various processes were affected, said Toby Lewis, head of threat analysis at cybersecurity firm Darktrace, at the time (see: Anonymous allegedly hacked Russian energy company Rosneft).
Later that month, hackers also reportedly hacked into infrastructure belonging to the Russian Federal Air Transport Agency, or Rosaviatsia, and erased its database and files, consisting of 65TB of data. This data included documents, files, aircraft registration data and emails from servers (see: Hackers target Russian Federal Air Transport Agency).
Such incidents testify to the rapid increase in the number of cyberattacks targeting public and private entities in Russia. But Russian Deputy Foreign Minister Oleg Syromolotov told state news agency TASS in May that businesses in his country were secure and protected against cyberattacks from Ukraine.
“Over the years of anti-Russian sanctions and against the background of continuous cyberattacks, we have created our own information security system. All types of illegal actions that we have witnessed in the information space are well known to our experts, while Russian software has been deployed in almost all anti-attack systems,” Syromolotov told the agency.