Fake ransomware wiper WhisperGate targets Ukraine
Since January 13th, new attacks that combine a destructive MBRLocker with data-corrupting malware have been used to intentionally destroy the victim’s data. Microsoft calls this new malware family ‘WhisperGate’ and explains in a report that the attack is carried out by two different destructive malware components. The first component is launched from the C:\PerfLogs, C:\ProgramData, C:\, or C:\temp folders and overwrites the Master Boot Record to display a ransom note. The second component is executed simultaneously and downloads a data-destroying malware named Tbopbh.jpg, hosted on Discord, that overwrites targeted files with static data.
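As an added example (not from Microsoft's report or the original article), the Python sketch below flags process-creation records whose executable sits directly in one of the four launch folders listed above. The event fields `host` and `image`, the sample records, and the choice to match only the immediate parent folder are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Launch folders named in the article.
STAGING_DIRS = ("C:\\PerfLogs", "C:\\ProgramData", "C:\\", "C:\\temp")
_NORMALISED = {ntpath.normcase(ntpath.normpath(d)): d for d in STAGING_DIRS}


def staging_dir_for(image_path):
    """Return the listed folder that directly contains image_path, else None.

    Assumption: only binaries sitting directly in a listed folder are flagged,
    so software installed in a vendor subfolder of ProgramData is not reported.
    """
    cleaned = image_path.strip().strip('"')
    # normpath collapses "..", duplicate separators and forward slashes.
    parent = ntpath.dirname(ntpath.normpath(cleaned))
    return _NORMALISED.get(ntpath.normcase(parent))


def scan(events):
    """Return (host, image, matched_folder) for every flagged event."""
    hits = []
    for ev in events:
        matched = staging_dir_for(ev.get("image", ""))
        if matched is not None:
            hits.append((ev.get("host", "?"), ev["image"], matched))
    return hits


# Constructed sample records (hypothetical hosts and file names).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": "C:\\PerfLogs\\sample1.exe"},
    {"host": "ws-01", "image": "c:/TEMP//sample2.exe"},
    {"host": "ws-02", "image": "C:\\Windows\\..\\sample3.exe"},
    {"host": "ws-02", "image": "C:\\ProgramData\\Vendor\\agent.exe"},
    {"host": "ws-03", "image": "C:\\Windows\\System32\\svchost.exe"},
    {"host": "ws-03", "image": "\"C:\\programdata\\sample4.exe\""},
]

if __name__ == "__main__":
    for host, image, folder in scan(SAMPLE_EVENTS):
        print(f"{host}: {image} launched from {folder}")
```

A hit is a triage lead rather than a verdict, since legitimate installers occasionally run from these folders as well.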