The Threat Intelligence Center (MSTIC), one of the Microsoft divisions dedicated to the detection of cyberattacks and network vulnerabilities, has warned in recent days of a sophisticated attack aimed at Ukrainian companies and organizations.
"This malware first appeared on victim systems in Ukraine on January 13, 2022," the company explains.
"It is designed to look like other ransomware programs (programs that lock or encrypt data on a computer until the victim pays a ransom) but lacks a ransom mechanism; its goal is to destroy and disable devices," they add.
MSTIC engineers have detected this software on more than a dozen computers spanning multiple government organizations, NGOs, and technology companies, all based in Ukraine.
The number of infected computers could, in any case, be much higher, since it is a recent threat that they are still investigating.
The attack adds to other acts of electronic sabotage that Ukraine has suffered in the last month, against the backdrop of growing military tension with Russia. Last Sunday, Ukrainian government sources claimed to have evidence of Russia's involvement in a cyberattack against several government websites. This attack took place during the early hours of last Friday and is not directly related to the threat discovered by Microsoft, but it caused the websites of several Ukrainian ministries to be inaccessible for several hours.
The malware discovered by Microsoft installs itself in the boot sector of the computers it manages to infect and displays a notice similar to other ransomware programs, demanding payment of $10,000 in bitcoin to recover computer files.
But, according to Microsoft, this is where this threat diverges from classic ransomware cases.
A second program, which runs right after the infection, overwrites most of the files on the machine's hard drive, making it impossible to recover them.
After overwriting the content, the software also renames each file with a seemingly random four-byte extension.
Another clue that this attack is not trying to raise funds but rather to destroy the information stored on the device is that the on-screen warning does not include a form of contact with the attacker, which would be usual in a conventional attack to guide the victim through the steps to follow to recover their information.
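The renaming behaviour described above gives defenders something to look for. The following is an added example, not code from Microsoft or from the original article: it scans file-rename events and flags any process that renames many files in a short time to four-character extensions that are almost all different from one another. The event format, process names, paths and thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# Thresholds are assumptions; tune them against your own telemetry.
WINDOW_SECONDS = 60        # look-back window per process
MIN_RENAMES = 5            # renames needed before judging a process
MIN_DISTINCT_RATIO = 0.8   # share of extensions that must be unique

def random_ext(old_path, new_path):
    """Return the new 4-character extension if the rename introduced one, else None."""
    old_s = PureWindowsPath(old_path).suffix.lower()
    new_s = PureWindowsPath(new_path).suffix.lower()
    if new_s != old_s and len(new_s) == 5 and new_s[1:].isalnum():
        return new_s[1:]
    return None

def flag_wiper_like_renames(events):
    """events: (epoch_seconds, process, old_path, new_path) tuples.
    Returns the set of processes whose renames look like per-file random extensions."""
    recent = defaultdict(deque)   # process -> (timestamp, extension) inside the window
    flagged = set()
    for ts, proc, old, new in sorted(events):
        ext = random_ext(old, new)
        if ext is None:
            continue
        q = recent[proc]
        q.append((ts, ext))
        while ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()
        # A bulk converter writes one extension many times; random
        # per-file extensions are nearly all distinct.
        if len(q) >= MIN_RENAMES:
            if len({e for _, e in q}) / len(q) >= MIN_DISTINCT_RATIO:
                flagged.add(proc)
    return flagged

# Constructed sample events (hypothetical process names and paths).
_EXTS = ["9F3A", "1C7E", "B20D", "77AA", "E4F1"]
SAMPLE_EVENTS = (
    [(100 + i, "unknown.exe", rf"C:\Docs\file{i}.docx", rf"C:\Docs\file{i}.docx.{e}")
     for i, e in enumerate(_EXTS)]
    + [(100 + i, "converter.exe", rf"C:\Pics\img{i}.jpg", rf"C:\Pics\img{i}.jpeg")
       for i in range(6)]
    + [(103, "editor.exe", r"C:\Docs\notes.txt", r"C:\Docs\notes.bak")]
)

if __name__ == "__main__":
    print(flag_wiper_like_renames(SAMPLE_EVENTS))
```

By the time such a rename is observed the file has already been overwritten, so a hit is a signal to isolate the machine, not a way to save its data.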
The MSTIC has not named Russia as the source of the attack, but claims to be aware of the geopolitical situation in which Ukraine finds itself.
"At the moment there are not many common elements between the unique characteristics of the group behind these attacks and the groups that we have traditionally tracked," said Tom Burt, vice president of security at Microsoft.
The company has notified affected organizations and several US law enforcement agencies of the attack.
New filters in some of the company's security tools now also protect systems from this attack.
In any case, Microsoft recommends, as a security measure, redoubling surveillance of government organizations and Ukrainian companies and activating additional protection functions such as two-step authentication.