The national postal service of Ukraine, Ukrposhta, has suffered a two-day-long DDoS cyber attack that disrupted the organization’s activities, especially its parcel tracking service.
Ukrposhta provides more than 50 different kinds of services, and has over 76,000 employees in total, but the reason the attack was targeted at the organization’s parcel tracking service remains unknown.
The Story So Far
Earlier this month, Ukrposhta updated its Facebook page with a post stating that the company had been DDoS’d.
The attack began in the morning, and was brought under control later in the day by the IT department.
The post further explains that the attacks had already resumed for a second day, and were currently underway as the post was published.
The website and services were working, but they were very slow and often interrupted.
This incident comes just two months after the NotPetya ransomware attacks, which hit global networks earlier this summer.
According to information released by Ukrposhta in July, the organization’s network was hit by the NotPetya cyber attack on June 27.
NotPetya was given its name by Kaspersky Lab, a Russian security software company, which pointed out that the malware was not Petya, a strain that was being advertised for sale on a Russian forum for hackers.
The NotPetya attack affected over 300,000 computers across Europe, with Ukraine being the epicenter of the attack.
This DDoS attack on Ukrposhta has some experts continuing to believe that Russia is hell-bent on crippling Ukraine’s cyber infrastructure.
Other cyber security experts, though, believe that a state-sponsored attack would not make use of software that has already been advertised on hacker forums.
The NotPetya attack crippled energy companies, the state telecommunications company, the Ukrainian Postal Service, State Savings Bank and the Kiev airport, in the nation’s capital.
Ransomware vs. Ransom DDoS
Malware like Petya is called ransomware because it encrypts the files on a computer, for example, and then demands a ransom (usually in Bitcoin) for the user to regain access to the files.
RDoS or Ransom DDoS, on the other hand, threatens a Distributed Denial of Service attack on an organization’s servers if a ransom is not paid.
Some hackers will even go as far as delivering a sample cyber attack, which might last for just a few minutes or even 24 hours.
Ukrposhta has not released any statements or claims as to whether there were any ransom demands, either before or after the attacks.
Botnets on the Rise
In a recent release of the Q2 2017 DDoS Intelligence Report, the Russian cyber security firm Kaspersky Lab noted that the second quarter saw DDoS attacks in 86 countries.
Combined, the attacks reached a total of 277 hours, which is more than 11 days.
This was 131 percent longer than the record attacks of Q1 2017.
Countries hit by hackers in these recent attacks included the U.S., Hong Kong, South Korea, Russia, Italy, China, and many more.
With the increase in IoT (Internet of Things) devices and cryptocurrencies like Bitcoin, botnets will likely continue to increase in size and power.
The Million Dollar Ransom
In June, a South Korean web hosting company called Nayana paid a $1 million ransom to a hacker group known as the Armada-Collective.
They are considered one of the earliest hacker groups that popularized DDoS cyber attacks.
Although Ukrposhta is a government agency, private organizations and businesses usually stand to lose thousands if not millions with a single DDoS attack.
For medium-sized and larger corporations, at least $250,000 would be at risk for each hour of a DDoS attack.
On the other hand, a DDoS cyber attack could be purchased from a hacker forum for as little as $5 for a small, five-minute attack, while more elaborate and massive attacks could run into the hundreds or thousands of dollars.
Alternatively, the hacker could build or buy his own kit and create a very personal botnet.
It is still unclear as to why the Ukrainian Postal Service was specifically targeted in this recent cyber attack.
Quite interesting, too, is the specific targeting of the organization’s parcel tracking service.
Customers who can’t track their parcels will of course grow disgruntled and look for a better service provider.
This cyber attack, therefore, smells of Ransom-DDoS, but its nature is not known for certain.