Microsoft’s Security Intelligence team has found a new destructive malware residing in Ukranian government systems, which are set to compromise critical services relying on it.
The malware is yet to be tagged to a threat group, but now it’s temporarily tracked as DEV-0586 and is capable of overwriting the Master Boot Records of a computer. This makes the computer inoperable since it cannot boot. Microsoft said more systems can be found with this malware through the ongoing investigation.
A Malware Disguised As Ransomware
Just a couple of days after the Ukrainian incident where over 10 government websites got defaced, Microsoft now found a new threat posing against the Ukranian government. The threat intelligence team of Microsoft has discovered data-wiping malware, in several systems of the Ukrainian government.
This destructive malware is spotted in the computers of multiple government agencies, non-profits, and information technology organizations, all based in Ukraine, and they provide crucial services to the government. This malware is disguised as ransomware, as it carries a ransom note asking for a $10,000 payment for keys if successfully locked.
While it’s yet to be triggered, Microsoft studied the malware samples and said it’s destructive enough to be compared to NotPetya and BadRabbit’s malware. These two threat actors have attacked Ukrainian governments in 2017 and then spread across the world.
Since the investigations are in the initial stages, Microsoft hasn’t attributed this malware to any specific group but tagged it as DEV-0586 temporarily. And regarding the malware, Microsoft said it can wipe out critical system data to make it useless.
More specifically, the malware is capable of overwriting a computer’s Master Boot Record (MBR) and preventing it from booting! And even if the victim tries to recover the MBR and boot sequence, they may lose access to the internal files as they might have already been corrupted.