NoName Ransomware Attack On Ukraine Targets 6 Govt Sites
NoName ransomware group has reportedly launched an attack on several Ukrainian government websites. Accordbank, Zaporizhzhya Titanium-Magnesium Plant, State Tax Service, Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service in Kyiv are some of the latest victims of this cyber assault.
In an attempt to verify the claims made by the threat actor, The Cyber Express investigated the situation and found that the website of Zaporizhzhya Titanium-Magnesium Plant is currently operational. However, the other websites listed as targets by the NoName ransomware group faced disruptions and connectivity issues, displaying error messages such as 403 forbidden.
On the dark web leak portal, the NoName ransomware group posted a list of their latest Distributed Denial of Service (DDoS) attack victims. Screenshots of this dark web post were widely shared on Twitter. The message posted by the group on the screenshot reads, We continue to nightmare Ukrainian sites (evil emoji).
The websites for Ukraine’s State Tax Service, Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service displayed various error messages, including bad gateway and other related issues.
It is worth noting that the websites of the Central Interregional Tax Administration, Western Interregional Tax Administration, and the Main Directorate of the State Tax Service are linked to the main website of Ukraine’s State Tax Service. Therefore, it appears that the NoName ransomware attack on Ukraine’s State Tax Service has also impacted these linked websites.
Looking into specific cases, the website of Ukraine’s Accordbank showed a 403 Forbidden error message. Similarly, the website of the Ukrainian State Tax Service displayed a message stating, This site can’t be reached. tax.gov.ua took too long to respond. These issues were consistent across the websites of the Central Interregional Tax Administration and the Main Directorate of the State Tax Service in Kyiv as well.
This incident comes amidst an ongoing conflict between Russia and Ukraine, as numerous hacktivist groups from both sides engage in cyber warfare. These hacker collectives are often backed by government agencies or act as cyber-patriots, committing cybercrimes in the name of their nations.
Prior to the NoName ransomware attack on Ukraine, the same hacker group targeted multiple Finnish government websites. On the dark web, the group proudly stated, Finland continues to receive our New Year’s gifts (evil smile emoji). The goal of these attacks seemed to be disrupting Finland’s critical infrastructure and causing chaos for its citizens. The victims of the NoName DDoS attacks in Finland were exclusively government organizations associated with transportation facilities.
It is crucial to stay vigilant in the face of such cyber threats and ensure robust cybersecurity measures are in place to protect critical infrastructure. As governments around the world grapple with these rising challenges, international cooperation becomes paramount in the fight against cybercriminals.
While investigations into the NoName ransomware attack continue, affected organizations are working tirelessly to restore their websites and ensure the safety of their systems.