Russia Ukraine war cyber effect: Russia most targeted country of ransomware, says ESET telemetry

Slovakian cybersecurity firm ESET released a Threat Report that states that Russia has become the most targeted country of ransomware, a ‘side effect’ of the ongoing Russia Ukraine war.

While in the past, ransomware threats tended to avoid targets located in Russia, during this period, according to ESET telemetry, Russia was the most targeted country. ESET researchers even detected lock-screen variants using the Ukrainian national salute “Slava Ukraini!” (Glory to Ukraine!).



ESET released its T1 2022 Threat Report, summarizing key statistics from its detection systems and highlighting notable examples of its cybersecurity research. The latest issue of the report recounts the various cyberattacks connected to the ongoing war in Ukraine that ESET researchers examined or helped to abate. This includes the resurrection of the infamous Industroyer malware, an attempt to target high-voltage electrical substations.

Since the Russian invasion of Ukraine, there has been an increase in the number of amateurish ransomware and wipers. Their authors often pledge support for one of the fighting sides and position the attacks as a personal vendetta.

Unsurprisingly, the war has also been noticeably exploited by spam and phishing threats. Immediately after the invasion on February 24, scammers started to take advantage of people trying to support Ukraine, using fictitious charities and fundraisers as lures. On that day, ESET telemetry detected a large spike in spam detections.

Cyber War

ESET telemetry also recorded other changes in the cyberthreat realm that might have a connection to the situation in Ukraine. Kováč clarifies why this report is so focused on cyber threats related to this war.

“Several conflicts are raging in different parts of the world, but for us, this one is different. Right across Slovakia’s eastern borders, where ESET has its HQ and several offices, Ukrainians are fighting for their lives and sovereignty.”

Shortly before the Russian invasion, ESET telemetry recorded a sharp drop in Remote Desktop Protocol (RDP) attacks. The decline in these attacks comes after two years of constant growth – and as explained in the Exploits section of the latest ESET Threat Report, this turn of events might be related to the war in Ukraine. But even with this fall, almost 60% of incoming RDP attacks seen in T1 2022 originated in Russia.

Emotet is Back

ESET telemetry has also seen many other threats unrelated to the Russia/Ukraine war.

“We can confirm that Emotet – the infamous malware, spread primarily through spam email – is back after last year’s takedown attempts, and has shot back up in our telemetry,” explains Roman Kováč, Chief Research Officer at ESET.

Emotet operators spewed spam campaign after spam campaign in T1, with Emotet detections growing by more than a hundredfold. However, as the Threat Report notes, the campaigns relying on malicious macros might well have been the last, given Microsoft’s recent move to disable macros from the internet by default in Office programs. Following the change, Emotet operators started testing other compromise vectors on much smaller samples of victims.

Much Was Uncovered

The Threat Report also reviews the most important research findings, with ESET Research uncovering: the abuse of kernel driver vulnerabilities; high-impact UEFI vulnerabilities; cryptocurrency malware targeting Android and iOS devices; a yet unattributed campaign deploying the DazzleSpy macOS malware; and the campaigns of Mustang Panda, Donot Team, Winnti Group, and the TA410 APT group.



The report also contains an overview of the numerous talks given by ESET researchers in T1 2022 and introduces talks planned for the RSA and REcon conferences in June 2022, showcasing ESET Research’s discovery of Wslink and ESPecter. These appearances will be followed by a talk at the Virus Bulletin Conference in September 2022.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard
