The database developed by Shchyhol and his agency helped Ukraine repel a Russian attack on Ukrainian energy-producing companies earlier this year. “They used the same virus as in 2017,” he said. At the time, Russia used the Industroyer virus; the country deployed an updated version called Industroyer 2 earlier this year. “Because we were prepared for such an attack, we successfully fought it off, preventing damage to this company,” Shchyhol said. He added that this prevented 2 million people from going without power.
Ukraine’s cybersecurity chief has acknowledged that at least one Ukrainian database has been wiped as a result of Russia’s reportedly widespread use of wiper malware: that of the government’s Motor Insurance Policy Directorate, which insures Ukrainian drivers. “For two weeks, the bureau was unable to issue insurance policies to their customers,” Shchyhol said. But the bureau, like many in Ukraine, had been warned of the risks and had a backup that allowed it to return to normal operations relatively quickly.
“The efficiency of any cyber combat effort should not be judged by the fact that we make it impossible for attackers to attack us,” Shchyhol said. “The real test of our performance is the [speed] with which the service can be restarted, and the fact that no important data was stolen by the perpetrator.”
Ukraine’s defenses are also supported by pro-Ukrainian hacktivists in the realm of cyber warfare, a term Shchyhol prefers to use here. “I’m not just talking about the Ukrainian IT army,” a Telegram group that was formed at the start of the intrusion and had over 300,000 subscribers at its peak, “but also other hacker activists around the world who joined the effort at the beginning of the intrusion.” Shchyhol said these hacktivists provided much-needed help, even if there was little evidence that the hacktivist army had any meaningful impact. In fact, a recent academic analysis likened their work to breaking into an abandoned mall in a small city and spraying “Putin sux” on the walls.
“As a soldier, I believe that anything that weakens our enemies is good for us,” he said. But Shchyhol is keen to make it clear that this is his personal opinion, hoping to avoid any suggestion of state collusion or organization in Ukraine. “They are a self-organizing community that operates by setting their own goals,” he said. “The Ukrainian government did not coordinate their activities, nor did they sponsor their activities. As the Ukrainian government, we did not directly order them to target targets like infrastructure.” Even if they did, Shchyhol said, due to “all the crimes they committed here,” Russia and its infrastructure would be legitimate targets.
But instead of targeting critical infrastructure with aggressive attacks by hackers, Shchyhol suggested that targeted moves by IT companies could do just as much damage. In July, he called for international companies serving Russia to withdraw from the country. “Our enemies are currently employing tactics like medieval tribes,” he said. “Attempts to attack territory and use blunt force to modify countries to be what they want them to be. In order for them to continue using this blunt force, they rely on constant access to modern technology.”
Without that access, Shchyhol said, “they would be thrown back into the Middle Ages. Any technology that fell into Russian hands, they would immediately try to use it for military purposes.” He estimates that ninety-five percent of the tech companies approached by his agency, Ukraine’s vice president and other government officials have already exited the Russian market. These include Cisco, HP, IBM and Dell.
As for companies that haven’t, Shchyhol has a simple message. “The entire civilized world needs to realize that the threat is not limited to Ukraine,” he said. “Cyberspace has no boundaries. If there is any attack on one country’s cyberspace, by default it will also affect and attack other countries.”