Microsoft has discovered evidence of a devastating malware campaign that targeted organizations in Ukraine. According to the company, destructive malware is being used to damage the systems of government agencies and of organizations that work with the government in Ukraine.
The announcement came only days after over 70 Ukrainian government websites were hacked. According to Microsoft’s study, the ransom note connected to the malware is fake, and the malware’s objective is not yet known. Multiple victims had the same ransom payload.
This malware first emerged on target systems in Ukraine on January 13, 2022. According to the Microsoft Threat Intelligence Center (MSTIC), the malware is designed to damage targeted machines and render them useless. The company discovered a one-of-a-kind malware capability utilized in intrusion attacks against several Ukrainian target businesses. The malware overwrites the Master Boot Record (MBR), and there is no way to recover it.
Microsoft is working on malware identification and has issued a list of security advice for firms that may have been attacked. MSTIC is proactively notifying customers that have been targeted or hacked. DEV-#### is a temporary moniker that Microsoft issues to an unknown, emerging, or developing threat activity. Attacked organizations may take days to weeks to recover from these types of attacks.
According to John Bambenek of Netenrich and Rick Holland, ransomware attacks are part of Russian policy. Russia has used ransomware as a cover for harmful attacks in the past.