Thursday, July 18, 2024

New Destructive Malware Attack That Wipes Master Boot Records

A destructive malware operation has been detected recently by the security experts at Microsoft Threat Intelligence Center (MSTIC) in which the threat actors are targeting several Ukrainian organizations and government agencies.

In this malicious campaign, the threat actors are targeting the MBR of affected or targeted systems in which they wipes the Master Boot Records (MBR).

While on January 13, 2022, in Ukraine this malware was first identified on the systems of its victim, and that’s why due to these ongoing malicious operations in Ukraine, Microsoft has urged organizations and agencies to stay alert to remain protected.

Are there any known associations behind these ongoing operations? 

The straight answer to this question is, “NO,” since, till now Microsoft’s MSTIC has not detected any notable activity, but, they have tracked one as “DEV-0586.”

The most astonishing thing about this malware is that it’s designed to look like ransomware without a ransom recovery mechanism.

Why the operators have done this?

Instead of getting any ransom, the operators of this malware have specifically designed this malware to be destructive and induce the devices of their targets.

Orgs targeted

During the investigation, Microsoft has discovered multiple systems from multiple organizations were impacted due to this malware, and here we have mentioned the affected orgs below:-

  • Multiple government organizations.
  • Non-profit organizations.
  • Information technology organizations.

Observed activity

The activity observed by the cybersecurity researchers are:-

  • Overwrite Master Boot Record to display a faked ransom note.
  • File corrupter malware

Apart from this, in the below image we have listed all the hardcoded file extensions used by the attackers.


To mitigate the techniques and procedures executed by the threat actors, the experts have recommended some security considerations that we have mentioned below:-

  • Always investigate the IOCs provided.
  • Always analyze your internal networks for potential intrusion.
  • Always review all the authentication activity for remote access infrastructure.
  • Make sure to configure the network configurations properly.
  • Always enable two-factor authentication or MFA.
  • Frequently change the passwords, and make sure to use strong passwords.
  • To prevent MBR/VBR modification, always enable Controlled folder Access (CFA) in Microsoft Defender.

Moreover, this malware family has been denoted as WhisperGate, and Microsoft has also implemented several protections to detect this malware. While the users and organizations can utilize these security mechanisms through Microsoft Defender Antivirus and Microsoft Defender.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates


Latest articles

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...

Cybercriminals Exploit Attack on Donald Trump for Crypto Scams

Researchers at Bitdefender Labs remain ever-vigilant, informing users about the latest scams and internet...

New TE.0 HTTP Request Smuggling Flaw Impacts Google Cloud Websites

HTTP Request Smuggling is a flaw in web security that is derived from variations...

Volcano Demon Group Attacking Organizations With LukaLocker Ransomware

The Volcano Demon group has been discovered spreading a new ransomware called LukaLocker, which...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles