Monday, October 7, 2024
Homecyber securityNew Destructive Malware Attack That Wipes Master Boot Records

New Destructive Malware Attack That Wipes Master Boot Records

Published on

A destructive malware operation has been detected recently by the security experts at Microsoft Threat Intelligence Center (MSTIC) in which the threat actors are targeting several Ukrainian organizations and government agencies.

In this malicious campaign, the threat actors are targeting the MBR of affected or targeted systems in which they wipes the Master Boot Records (MBR).

While on January 13, 2022, in Ukraine this malware was first identified on the systems of its victim, and that’s why due to these ongoing malicious operations in Ukraine, Microsoft has urged organizations and agencies to stay alert to remain protected.

- Advertisement - EHA

Are there any known associations behind these ongoing operations? 

The straight answer to this question is, “NO,” since, till now Microsoft’s MSTIC has not detected any notable activity, but, they have tracked one as “DEV-0586.”

The most astonishing thing about this malware is that it’s designed to look like ransomware without a ransom recovery mechanism.

Why the operators have done this?

Instead of getting any ransom, the operators of this malware have specifically designed this malware to be destructive and induce the devices of their targets.

Orgs targeted

During the investigation, Microsoft has discovered multiple systems from multiple organizations were impacted due to this malware, and here we have mentioned the affected orgs below:-

  • Multiple government organizations.
  • Non-profit organizations.
  • Information technology organizations.

Observed activity

The activity observed by the cybersecurity researchers are:-

  • Overwrite Master Boot Record to display a faked ransom note.
  • File corrupter malware

Apart from this, in the below image we have listed all the hardcoded file extensions used by the attackers.

Recommendations

To mitigate the techniques and procedures executed by the threat actors, the experts have recommended some security considerations that we have mentioned below:-

  • Always investigate the IOCs provided.
  • Always analyze your internal networks for potential intrusion.
  • Always review all the authentication activity for remote access infrastructure.
  • Make sure to configure the network configurations properly.
  • Always enable two-factor authentication or MFA.
  • Frequently change the passwords, and make sure to use strong passwords.
  • To prevent MBR/VBR modification, always enable Controlled folder Access (CFA) in Microsoft Defender.

Moreover, this malware family has been denoted as WhisperGate, and Microsoft has also implemented several protections to detect this malware. While the users and organizations can utilize these security mechanisms through Microsoft Defender Antivirus and Microsoft Defender.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...