Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime

The Curious Case of the Fake Ukrainian Ransomware Attack

Delinea's Joseph Carson on Lessons Learned From the Incident Response Frontlines
Joseph Carson, chief security scientist and advisory CISO, Delinea

Things are not always what they seem. That's one lesson learned by Joseph Carson, who as chief security scientist and advisory CISO to security vendor Delinea regularly gets called on to advise incident response teams or review past cases to identify common tactics being used by attackers.

See Also: Core Elements of Modern Workforce Identity Security

In the course of one such review several years ago - of a case involving a Ukrainian firm that suffered a ransomware infection, the incident looked strange because the attack path didn't appear to involve anything internal, he says.

Long story short: "The organization was actually conducting financial fraud," he says, and ransomware had been deployed to try and hide their tracks, "because ransomware is very good at destroying evidence. It's very good at getting rid of files and locking up systems." But with a bit of additional context, the attempt at misdirection was revealed.

In a video interview with Information Security Media Group, Carson discusses:

  • A Ukrainian ransomware incident with an unusual twist;
  • How a different, pandemic-era ransomware incident traced to shadow IT;
  • Essential business resilience and threat intelligence capabilities for better repelling and surviving attacks.

Carson is a cybersecurity professional and an ethical hacker with more than 25 years of experience in enterprise security. He is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies" and is a cybersecurity adviser to several governments as well as critical infrastructure, financial and transportation companies. He is a seasoned speaker and has presented at conferences globally.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.