Ukraine Targeted in False Ransomware Attacks, Microsoft Warns

Microsoft is warning about data-wiping malware that poses as ransomware and is being used by threat actors to target several companies in Ukraine. Microsoft identified the attacks starting on the 13th of January and says their purpose is to destroy the victim’s information by combining a malicious MBRLocker with data-corrupting malware.

About the Data-Wiping Attack Employing WhisperGate

Microsoft dubbed the malware family ‘WhisperGate’. The company published a report on the topic, noting that the malware operates through two distinct components.

The first component is named stage1.exe and is launched from the C:\PerfLogs, C:\ProgramData, C:\ or C:\temp folders. It overwrites the Master Boot Record in order to show a ransom note.

MBR lockers replace the loader in the master boot record with a program whose role is to encrypt the partition table and show a ransom note. As a result, the operating system cannot load and the information stays inaccessible until the ransom is paid and the decryption key is provided.
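For responders checking whether a boot sector was tampered with in the way described above, the following sketch triages a 512-byte MBR dump from an MBR-partitioned disk. It is an added example, not code from Microsoft's report; the heuristics, the 64-byte text threshold and the two sample sectors are assumptions constructed for illustration.

```python
import re
import struct

SECTOR_SIZE = 512
LOADER_END = 446              # bytes 0..445: loader code
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
MIN_TEXT_RUN = 64             # assumption: real loaders carry only short error strings
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count

def parse_partitions(sector):
    """Decode the four 16-byte partition entries at offset 446."""
    keys = ("status", "type", "lba_start", "sectors")
    return [dict(zip(keys, ENTRY.unpack_from(sector, LOADER_END + 16 * i)))
            for i in range(4)]

def triage_mbr(sector):
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(sector) != SECTOR_SIZE:
        return ["wrong sector size"]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(sector)
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid partition status byte")
    used = [p for p in parts if p["type"] != 0]
    if not used:
        findings.append("empty partition table")
    if any(p["lba_start"] == 0 or p["sectors"] == 0 for p in used):
        findings.append("used entry with zero start or length")
    # A loader replaced by a note-displaying program carries a long text blob.
    if re.search(rb"[\x20-\x7e\r\n]{%d,}" % MIN_TEXT_RUN, sector[:LOADER_END]):
        findings.append("long text in loader area")
    return findings

def build_sector(loader, entries=()):
    """Build a constructed sample sector for the demo (not real disk data)."""
    table = b"".join(ENTRY.pack(*e) for e in entries).ljust(64, b"\x00")
    return loader.ljust(LOADER_END, b"\x00") + table + BOOT_SIGNATURE

# Constructed samples: a normal-looking MBR and one whose loader was overwritten.
HEALTHY = build_sector(b"\xfa\x33\xc0\x8e\xd0Missing operating system\x00",
                       [(0x80, 0x07, 2048, 1_000_000)])
OVERWRITTEN = build_sector(b"\xeb\x00" + b"CONSTRUCTED SAMPLE NOTE TEXT. " * 4)

if __name__ == "__main__":
    for name, sector in (("healthy", HEALTHY), ("overwritten", OVERWRITTEN)):
        print(name, triage_mbr(sector) or "no findings")
```

To use it on real evidence, pass the first 512 bytes of a forensic disk image to `triage_mbr`; a finding is a reason to look closer, not proof of compromise.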

The second component is dubbed stage2.exe. It will be executed at the same time in

