The Threat Intelligence Center (MSTIC), one of the Microsoft divisions dedicated to the detection of cyberattacks and network vulnerabilities, has warned of a sophisticated attack in recent days aimed at Ukrainian companies and organizations.

"This malware first appeared on victim systems in Ukraine on January 13, 2022," they explain from the company.

"It is designed to look like other

ransomware

programs (programs that lock or encrypt data on a computer until the victim pays a ransom) but lacks a ransom mechanism,

its goal is to destroy and disable devices

," they add.

MSTIC engineers have detected this software on more than a dozen computers spanning multiple government organizations, NGOs, and technology companies, all based in Ukraine.

The number of infected, in any case, could be much higher, since it is a recent threat that they are still investigating.

The attack adds to other acts of electronic sabotage that Ukraine has suffered in the last month, against the backdrop of growing military tension with Russia. Last Sunday, Ukrainian government sources claimed to have evidence of Russia's involvement in

a cyberattack against several government websites

. This attack took place during the early hours of last Friday and is not directly related to the threat discovered by Microsoft, but it caused the websites of several Ukrainian ministries to be inaccessible for several hours.

The

malware

discovered by Microsoft installs itself in the boot sector of the computers it manages to infect and displays a notice similar to other

ransomware

programs , demanding payment of $10,000 in bitcoin to recover computer files.

But, according to Microsoft, this is where this threat diverges from classic

ransomware

cases .

A second program, which runs right after the infection, overwrites most of the files on the machine's hard drive, making it impossible to recover them.

After overwriting the content, the software also renames each file with a seemingly random four-byte extension.

Another clue that this attack is not trying to raise funds but rather to destroy the information stored on the device is that the on-screen warning

does not include a form of contact with the attacker

, which would be usual in a conventional attack to guide the victim in the steps to follow to recover your information.

The MSTIC has not named Russia as the source of the attack, but claims to be aware of the geopolitical situation in which Ukraine finds itself.

"At the moment there are not many common elements between the unique characteristics of the group behind these attacks and the groups that we have traditionally tracked," said Tom Burt, vice president of security at Microsoft.

The company has notified affected organizations and several US law enforcement agencies of the attack.

New filters in some of the company's security tools now also protect systems from this attack.

From Microsoft, in any case, they recommend as a security measure to

redouble surveillance of government organizations and Ukrainian companies

and activate additional protection functions such as two-step authentication.

Conforms to The Trust Project criteria

Know more

  • microsoft

  • Ukraine

  • Russia

Wide Angle Macron and the European knife with two blades: he corners his opponents and sets the pace of the campaign

KazakhstanFire in Russian backyard

EuropaJosep Borrell warns Russia that it cannot define European security

See links of interest

  • Last News

  • Home THE WORLD today

  • What

  • Work calendar 2022

  • Check Christmas Lottery 2021

  • Check Child's Lottery

  • Atletico Balearic Islands - Valencia CF

  • Sassuolo - Verona

  • Valencia Basket-Barca

  • Liverpool-Brentford

  • West Ham United - Leeds United