Microsoft Warns Users of Fake Ransomware Spreading Data-Wiping Malware

Microsoft warned users of a fake ransomware cyberattack that spreads malware, which wipes out the data of various organizations in Ukraine.

Microsoft Logo
The Microsoft logo is illuminated on a wall during a Microsoft launch event to introduce the new Microsoft Surface laptop and Windows 10 S operating system, May 2, 2017 in New York City. by Drew Angerer/Getty Images

Microsoft and Fake Ransomware

As per the blog post by Microsoft, its cybersecurity team discovered a new scheme that wipes out the files of various organizations, such as government and non-profit groups in Ukraine.

Microsoft further said that the new malware scheme targets organizations that work with the government of Ukraine.

The vice president and Customer Security and Trust of Microsoft, Tom Burt, said in a blog post that the new "malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable."

The Microsoft exec said that they are reporting their latest discovery to help other folks to defend themselves against similar cyberattacks, which could destroy their files altogether.

Fake Ransomware and Data-Wiping Malware

According to the news story by Bleeping Computer, the new malware that pretends to be ransomware goes by the name "WhisperGate."

The online news outlet showed a ransomware note from a WhisperGate malware cyberattack, wherein it was asking for cryptocurrency payment from its victims.

The ransom note starts by informing the target that their "hard drive has been corrupted." After which, the threat actor adds that there is an option to recover all of the hard drives affected by the attack.

Then, the cyberattacks went on to ask their victims to send a hefty ransom payment to a Bitcoin wallet address. The ransom note specifically asked for a whopping $10,000 worth of the top cryptocurrency to get their systems back to normal.

The note ended by saying that the victims will be given further instructions by the hackers along the way.

Microsoft said that the ransomware note is being communicated to the victim via Tox. Hence, it is fake in the first place.

On the other hand, BleepingComputer noted in the same report that previous ransomware attacks have been using Tox as a way to reach out to their victims. So that does not automatically mean that the attack is completely fake at all.

But on top of that, Microsoft noted another reason that makes the whole cyber scheme a fake ransomware, which focuses on the wallet address and the decryption key.

For instance, the tech giant observed that the attackers are using a single Bitcoin wallet address for all of its victims.

What's more, even if the target of the ransomware attack has already paid for the ransom amount, the attackers do not provide any decryption key.

BleepingComputer further stated that the crypto wallet and lack of a decryption key clearly suggest that the latest malware scheme is merely pretending to be a ransomware attack.

Instead, the new scheme wipes out the systems of its victims, and, at the same time, the hackers are also profiting from it.

This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags:Malware
Join the Discussion
Real Time Analytics