Russian Ministry of Construction website hacked


Hacker demands ransom; Ministry says users’ personal data is secure

Mihir Bagwe (MihirBagwe) • June 6, 2022

A screenshot of the ransom note posted on DumpForums (Source: ISMG)

The website of the Ministry of Construction, Housing and Utilities of the Russian Federation was reportedly hacked and defaced on Sunday, with its title replaced with the Ukrainian greeting “Slava Ukraine” or “Glory to Ukraine”.


The website currently appears to have been restored.

The suspected hacker posted a ransom note on the ministry’s website, demanding payment in bitcoins for not publishing exfiltrated data, state news agency RIA Novosti reported the same day, citing a ministry official. The representative reportedly told the agency that the personal data of all website users was protected.

The hack request

The suspected hackers are demanding a ransom of 1 million rubles ($16,000), a local news agency reported Sunday evening. The ransom note says the hack, likely carried out by the team, compels the ministry to pay the ransom by Tuesday, according to the Kommersant news agency.

A review of DumpForums by Information Security Media Group shows a post from an administrator named L’s, who appears to have joined the forum on May 29, 2022. The post reads: “Today one of our forum participants hacked and degraded the state website of the Ministry of construction, housing and communal services of the Russian Federation.”

A screenshot of the DumpForums post claiming hacking and defacement of the Russian government website (Source: ISMG)

The message also contains what appears to be a screenshot of the alleged ransom note that was posted on the previously downgraded website. According to the local news agency RBC, visitors to the website saw this message on Sunday evening.

The message states that the personal data of users linked to the website, which includes employees and citizens, has been stolen. To ensure the data is not made public, the suspected hacker on DumpForums demanded a ransom of 0.5 bitcoin (1 million rubles or $16,000) to be paid by midnight Tuesday to a cryptocurrency wallet specified. Failure to do so, they say, will result in the publication of the stolen data.

Data secure, says Russian ministry

The site was inaccessible to the public on Sunday evening. Those who tried to access it received a “Maintenance in progress” message, says RBC.

A spokesperson for the Russian ministry told RIA Novosti that the data theft allegations were false and the data was protected.

“Personal data on our site is protected and regularly checked, there is no threat to it, it is safe,” they reportedly told the agency.

“Unprecedented” level of cyberattacks

Since Russia’s invasion of Ukraine in February, Russian IT security teams have faced a record number of cyber incidents and are reporting unprecedented cyberattacks on Russian networks (see: Russia says it has seen ‘unprecedented’ level of cyberattacks).

The international hacking collective Anonymous, which has supported Ukraine, took responsibility in March for a hack of the German subsidiary of the Russian energy company Rosneft. The group allegedly stole more than 20 TB of data. Although the hack did not affect any business operations, some of Rosneft’s systems and various processes were affected, said Toby Lewis, head of threat analysis at cybersecurity firm Darktrace, at the time (see: Anonymous allegedly hacked Russian energy company Rosneft).

Later that month, hackers also reportedly hacked into infrastructure belonging to the Russian Federal Air Transport Agency, or Rosaviatsia, and erased its database and files, consisting of 65TB of data. This data included documents, files, aircraft registration data and emails from servers (see: Hackers target Russian Federal Air Transport Agency).

Such incidents testify to the rapid increase in the number of cyberattacks targeting public and private entities in Russia. But Russian Deputy Foreign Minister Oleg Syromolotov told the official TASS news agency in May that his country’s businesses were safe and protected from cyberattacks by Ukraine.

“Over the years of anti-Russian sanctions and against the background of continuous cyberattacks, we have created our own information security system. All types of illegal actions that we have witnessed in the space of the information are well known to our experts, while Russian software has been deployed in almost all anti-attack systems,” Syromolotov told the agency.
