Earlier this month, a potent wiper named WhisperGate targeted government, non-profit, and IT organizations in Ukraine with what initially appeared to be ransomware. The threat was in fact destructive wiper malware, delivered as a multi-stage attack. Thus far, it has been seen targeting devices running the Windows operating system; however, the Ukrainian government reported that there might also be a Linux variant of the malware.
WhisperGate runs as a multi-stage attack, beginning by overwriting the Master Boot Record (MBR) and displaying a fake ransom note. The second and third stages involve retrieving the payload from a malicious Discord link. The final stage executes a file corruptor against target file types, irrecoverably destroying data.
No encryption has been observed during any of the attack stages. The malware does not appear to have been created for financial gain. Thus far, the sole purpose of WhisperGate seems to be the destruction of data, making it most likely that a threat group is using this malware to disrupt or disable target organizations.
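For responders checking a disk image for the first-stage behaviour described above (an overwritten MBR that displays a note), the following is an added triage example, not code from the original post or from BlackBerry. The function names, the 64-byte text threshold and the sample sectors are assumptions constructed for illustration; only the standard MBR layout (446-byte boot code area, four 16-byte partition entries, 0x55AA signature) is fixed.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIG = b"\x55\xaa"      # bytes 510-511 of a bootable MBR
PART_TABLE_OFF = 446        # four 16-byte partition entries start here
TEXT_RUN_LIMIT = 64         # assumed threshold: stock boot code holds only short error strings


def longest_text_run(data):
    """Length of the longest run of printable ASCII (plus tab/CR/LF) in data."""
    best = cur = 0
    for b in data:
        if 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D):
            cur += 1
            best = max(best, cur)
        else:
            cur = 0
    return best


def triage_mbr(sector):
    """Return a list of findings for one 512-byte sector 0 image."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    entries = [sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
               for i in range(4)]
    if all(e[4] == 0 for e in entries):     # byte 4 of an entry is the partition type
        findings.append("no partition entries")
    run = longest_text_run(sector[:PART_TABLE_OFF])
    if run > TEXT_RUN_LIMIT:                # a displayed note must be stored as text
        findings.append(f"{run}-byte text run in boot code area")
    return findings


def make_sector(boot_code, part_type):
    """Build a constructed sector 0 image (sample data, not a real disk)."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x02\x00", part_type,
                        b"\xfe\xff\xff", 2048, 1_000_000)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + b"\x00" * 48 + BOOT_SIG


# Constructed samples: ordinary-looking boot code vs. a sector holding a long text block.
CLEAN = make_sector(b"\xfa\x33\xc0\x8e\xd0" + b"Missing operating system\x00", 0x07)
TAMPERED = make_sector(b"\xeb\x00\x8c\xc8" + b"PLACEHOLDER NOTE TEXT " * 8, 0x00)

if __name__ == "__main__":
    print(triage_mbr(CLEAN), triage_mbr(TAMPERED))
```

Run it against the first 512 bytes of a forensic image; a finding is a reason to compare the sector with a known-good baseline, not a verdict.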
Credit: YouTube/BlackBerry