In a sampling of 100 Russian Databases 92 had been compromised. It was clear that hackers had accessed these databases, deleted files, and launched a cyber vandalism campaign leaving folders with names like: “putin stop this war”, “stop war”, “no war”, “HackedByUkraine”, and many other pro Ukrainian messages.
It appears that for the majority of the databases we reviewed, most of the files in the folders were wiped out and no longer appeared in the dataset. The anti-Russian hackers used a similar script to the infamous “MeowBot” that changed the name of folders and deleted the contents of the files. In August 2020 Security Discovery’s Bob Diachenko profiled the Meowbot attack that erased thousands of databases over the span of a few days and caused havoc on victims who lost their data and had no way to get it back. Unlike ransomware that encrypts data and demands a payment the MeowBot had no demands. The automated script seemed to have no other purpose except to wipe out data. Some of the activity in the Russian databases appears to be very similar to the 2020 MeowBot attacks (except that this time the demand is for the war to stop).