Microsoft has warned users of a major piece of malware targeting government, IT and non-profit organisations in Ukraine.
The company has dubbed the malware 'WhisperGate' and said that it is "designed to look like ransomware", before warning users that it has so far affected 12 reported systems but could spread to more.
In a blog post, Microsoft said: "MSTIC assesses that the malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom. The two-stage malware overwrites the Master Boot Record (MBR) on victim systems with a ransom note (Stage 1). The MBR is the part of a hard drive that tells the computer how to load its operating system."
The tech giant then went on to explain that the ransom note contains a "[cryptocurrency] Bitcoin wallet" and that the malware kicks in when the device is switched off, but that the ransom note is "a ruse" and that the attack can lead to the Master Boot Record being overwritten, which in turn affects the operating system.
Microsoft continued: "The ransom note contains a Bitcoin wallet and Tox ID (a unique account identifier used in the Tox encrypted messaging protocol) that have not been previously observed by the Microsoft Threat Intelligence Center (MSTIC). The malware executes when the associated device is powered down. Overwriting the MBR is atypical for cybercriminal ransomware. In reality, the ransomware note is a ruse, and that the malware destructs MBR and the contents of the files it targets."
The second part of the malware installs a downloader called Stage2.exe, which fetches a malicious file corrupter that, once installed, can overwrite files.
To help users avoid the malware, Microsoft went on to suggest that they should "review all authentication activity" on their device and recommended that they download Microsoft Authenticator.
The post read: "Enable multifactor authentication (MFA) to mitigate potentially compromised credentials and ensure that MFA is enforced for all remote connectivity. NOTE: Microsoft strongly encourages all customers download and use password-less solutions like Microsoft Authenticator to secure accounts."
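For defenders who want to see what an MBR overwritten with a note looks like structurally, the following added example (not code from Microsoft or from the original article) parses a 512-byte MBR sector and flags signs of tampering. The checks, the 64-byte text threshold and both sample sectors are assumptions constructed for illustration, not indicators published for this malware.

```python
import re
import struct

SECTOR_SIZE = 512
PART_TABLE = slice(446, 510)      # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR
ENTRY = "<B3xB3xII"               # status, CHS, type, CHS, first LBA, sector count

def longest_text_run(data: bytes) -> int:
    """Length of the longest run of printable ASCII, including tab/CR/LF."""
    runs = re.findall(rb"[\x20-\x7e\t\r\n]+", data)
    return max(map(len, runs), default=0)

def parse_partitions(sector: bytes):
    """Return (status, type, first_lba, count) for each non-empty entry."""
    return [e for e in struct.iter_unpack(ENTRY, sector[PART_TABLE]) if e[1] != 0]

def check_mbr(sector: bytes, text_threshold: int = 64):
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("no partition entries")
    for status, ptype, lba, count in parts:
        if status not in (0x00, 0x80) or lba == 0 or count == 0:
            findings.append(f"malformed partition entry (type 0x{ptype:02x})")
    run = longest_text_run(sector[:446])
    if run >= text_threshold:  # assumed threshold; boot code normally holds only short strings
        findings.append(f"{run}-byte text run in boot code area")
    return findings

# Constructed samples (not real disk data): a healthy-looking sector and one overwritten with text.
def build_sample(boot_code: bytes, parts=()):
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, fields in enumerate(parts):
        struct.pack_into(ENTRY, sector, 446 + 16 * i, *fields)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

CLEAN = build_sample(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 100, [(0x80, 0x07, 2048, 1_000_000)])
OVERWRITTEN = build_sample(b"\xeb\x00" + b"CONSTRUCTED PLACEHOLDER NOTE TEXT. " * 5)

if __name__ == "__main__":
    print({"clean": check_mbr(CLEAN), "overwritten": check_mbr(OVERWRITTEN)})
```

To check a real machine, pass `check_mbr` the first 512 bytes of a forensic disk image; comparing that sector against a known-good baseline copy is a stronger check than these heuristics alone.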