Montenegro Sent Back to Analog by Unprecedented Cyber Attacks

"After the ransomware attack last week, the Government DNS namespace is blocked so the administration switched to offline mode. According to internal investigation, a cyber-attack happened after malicious software was uploaded from the computer in one of the Government services," a government source told BIRN, speaking on condition of anonymity.

One source said security services were investigating the possibility of an "inside job," by which the malware was uploaded onto a computer system in a major government ministry.

"Right now, we know that it did not happen online, by 'phishing', but are still investigating the two possible locations within the government administration," the source said.

The attack has become a hot topic in hacker chat groups online and on the dark web, with some comparing it to a ransomware assault on an IT supplier to the UK health service, the NHS, earlier in August.

"Putting it in simple terms, when the government's two main servers are down for a week, the two main DNS namespaces are offline, it means that someone locked your entire data on those servers and took the key, but even if the key is returned eventually, you don't know which data is lost for good," said one member of a hacker group monitored by BIRN.

After initially pointing the finger at Russia, Montenegrin authorities are now blaming a criminal group by the name of 'Cuba Ransomware', but hackers BIRN spoke to said the attack did not fit Cuba's modus operandi.

"If it is Cuba Ransomware, which is officially confirmed only for the Montenegrin parliament server, it would be a weird development," said one. "The group usually attacks big financial data servers, security or health systems, where private data or accounts of citizens and companies...
