Microsoft said it has discovered a destructive malware being used to corrupt the systems of multiple organizations in Ukraine. In a blog published on Saturday, Microsoft Threat Intelligence Center (MSTIC) said it first discovered the ransomware-like malware on January 13.
The news comes days after more than 70 Ukrainian government websites were defaced by groups allegedly associated with Russian secret services. But Microsoft said it “has not found any notable associations” between the malware it found and the website attacks that occurred last week.
“MSTIC assesses that the malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom,” Microsoft explained.
“At present and based on Microsoft visibility, our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues. These systems span multiple government, non-profit, and information technology organizations, all based in Ukraine. We do not know the current stage of this attacker’s operational cycle or how many other victim organizations may exist in Ukraine or other geographic locations. However, it is unlikely these impacted systems represent the full scope of