Thursday, March 28, 2024

New Destructive Malware Attack That Wipes Master Boot Records

A destructive malware operation has been detected recently by the security experts at Microsoft Threat Intelligence Center (MSTIC) in which the threat actors are targeting several Ukrainian organizations and government agencies.

In this malicious campaign, the threat actors are targeting the MBR of affected or targeted systems in which they wipes the Master Boot Records (MBR).

While on January 13, 2022, in Ukraine this malware was first identified on the systems of its victim, and that’s why due to these ongoing malicious operations in Ukraine, Microsoft has urged organizations and agencies to stay alert to remain protected.

Are there any known associations behind these ongoing operations? 

The straight answer to this question is, “NO,” since, till now Microsoft’s MSTIC has not detected any notable activity, but, they have tracked one as “DEV-0586.”

The most astonishing thing about this malware is that it’s designed to look like ransomware without a ransom recovery mechanism.

Why the operators have done this?

Instead of getting any ransom, the operators of this malware have specifically designed this malware to be destructive and induce the devices of their targets.

Orgs targeted

During the investigation, Microsoft has discovered multiple systems from multiple organizations were impacted due to this malware, and here we have mentioned the affected orgs below:-

  • Multiple government organizations.
  • Non-profit organizations.
  • Information technology organizations.

Observed activity

The activity observed by the cybersecurity researchers are:-

  • Overwrite Master Boot Record to display a faked ransom note.
  • File corrupter malware

Apart from this, in the below image we have listed all the hardcoded file extensions used by the attackers.

Recommendations

To mitigate the techniques and procedures executed by the threat actors, the experts have recommended some security considerations that we have mentioned below:-

  • Always investigate the IOCs provided.
  • Always analyze your internal networks for potential intrusion.
  • Always review all the authentication activity for remote access infrastructure.
  • Make sure to configure the network configurations properly.
  • Always enable two-factor authentication or MFA.
  • Frequently change the passwords, and make sure to use strong passwords.
  • To prevent MBR/VBR modification, always enable Controlled folder Access (CFA) in Microsoft Defender.

Moreover, this malware family has been denoted as WhisperGate, and Microsoft has also implemented several protections to detect this malware. While the users and organizations can utilize these security mechanisms through Microsoft Defender Antivirus and Microsoft Defender.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles