Biden warns of US 'cyber' response after Ukraine says computers wiped during attack

Two Ukrainian agencies said their computers were wiped as part of a larger attack on government systems.
Written by Jonathan Greig, Contributor

US President Joe Biden responded forcefully to reports of a wide-ranging cyberattack on Ukrainian government systems Wednesday afternoon, telling reporters that the US would respond with its own cyberattacks if Russia continues to target Ukraine's digital infrastructure.  

"The question is if it's something significantly short of an...invasion or major military forces coming across," Biden said in response to a question about how the US would respond to a Russian invasion of Ukraine. 

"For example, it's one thing to determine that if they continue to use cyber efforts, well, we can respond the same way, with cyber."

White House Press Secretary Jen Psaki later confirmed to The Daily Beast that if Russia continued to launch cyberattacks, they would be answered with a "decisive, reciprocal, and united response."

Biden's comments come after Ukrainian officials told journalist Kim Zetter that dozens of systems within at least two government agencies were wiped during a cyberattack last week. Microsoft released a detailed blog post about the wiper malware, named "WhisperGate," and said it was first discovered on January 13.

In a follow-up examination of WhisperGate, security company CrowdStrike said the malware aims "to irrevocably corrupt the infected hosts' data and attempt to masquerade as genuine modern ransomware operations." 

"However, the WhisperGate bootloader has no decryption or data-recovery mechanism and has inconsistencies with malware commonly deployed in ransomware operations," CrowdStrike explained.

"The activity is reminiscent of VOODOO BEAR's destructive NotPetya malware, which included a component impersonating the legitimate chkdsk utility after a reboot and corrupted the infected host's Master File Table (MFT) -- a critical component of Microsoft's NTFS file system. However, the WhisperGate bootloader is less sophisticated, and no technical overlap could currently be identified with VOODOO BEAR operations."

Yurii Shchyhol, head of the State Service of Special Communications and Information Protection of Ukraine, told The Washington Post that one of the agencies affected by the wiper was the Motor Vehicle Insurance Bureau. 

The wipers were launched days after more than 70 Ukrainian government websites were defaced by groups allegedly associated with Russian secret services.

While it was initially unclear whether the website defacements and the wiper attacks were coordinated, Ukrainian officials confirmed this week that they occurred at the same time. Kitsoft, the company that built about 50 of the government websites, told Zetter that it too discovered WhisperGate malware on its systems. 

Ukraine's State Service for Special Communications and Protection confirmed Zetter's reporting in a statement. Ukrainian officials floated several theories for how hackers got into their systems, theorizing that a CMS vulnerability may have been the cause. 

The Cyberpolice Department of the National Police of Ukraine also said hackers may have gotten in using the Log4j vulnerability or through compromised employee accounts.

According to The Washington Post, Russia has brought more than 100,000 troops to its border with Ukraine. The Associated Press reported this week that Poland was also raising its nationwide cybersecurity terror threat level in response to the attacks on Ukraine. 
