Microsoft announced the discovery of a “destructive” computer virus that attacks many organizations in Ukraine. The virus was first detected on January 13 of this year, and the software giant found no connection between it and other hacker groups.
At the moment, the virus has the number DEV-0586 and is called Whisper Gate. It is designed to look like a standard cryptovirus, i.e. encrypts data in computers, but has a different purpose.
Unlike typical cryptoviruses, this one does not have a ransom and decryption module. He shows a message that he wants a $10,000 ransom via bitcoin, but there is no real way to pay it. Instead, its purpose is to render the system unusable and unrecoverable.
Microsoft reports that DEV-0586 has been found on the systems of “dozens” of companies, government agencies and public organizations in Ukraine. The software giant believes that the real number of victims is even higher, but cannot yet determine the scale of the attack.
The company has added virus protection to Microsoft Defender Antivirus and Microsoft Defender Endpoint. She did not name the source of the attack, saying that more time is needed to study the virus and monitor its activity.
This is not the first time that hacker attacks have been applied to specific targets. In 2017, there was a similar attack with the NotPetya cryptovirus, which also compromised and deleted entire systems. A few years earlier, Stuxnet was the first virus believed to have been created to directly attack computer systems in Iran.
Common to all targeted viruses is that there were indirect victims, and in the case of NotPetya, many other systems in different countries were attacked. The damage from this virus around the world is more than 10 billion dollars, the Associated Press notes. As of now, there is no evidence that WhisperGate has been detected outside of its specific targets.