Many European countries are at risk of a cyber war fought with new types of malicious code, among which the appearance of the WhisperGate malware is especially dangerous.
What is WhisperGate malware?
Recently, alongside the escalation of the conflict between Russia and Ukraine, a conflict between hacker groups is also gradually reigniting in the online world.
In just the past few days, a series of high-tech attacks have been carried out against the Ukrainian government. Many information technology systems of government agencies, banks and financial institutions in Ukraine were hit by distributed denial of service (DDoS) attacks and infected with data-wiping malware.
|Ukraine is likely to become the focus of a looming cyber war.|
The main culprit in these attacks is a new type of malicious code called WhisperGate. This is a dangerous type of malicious code with the ability to disable the defenses of Windows Defender and completely destroy computer data.
WhisperGate is designed to disguise itself as ransomware. However, it lacks any data recovery mechanism and was launched for the purpose of sabotage, leaving the target IT systems crippled and inoperable.
The appearance of the new WhisperGate malware has raised concerns about an increasingly escalating data war in the network environment.
How does WhisperGate malware penetrate and destroy data?
An analysis published recently by security expert Nguyen Minh Hoang (CyRadar Information Security Joint Stock Company) has detailed how the WhisperGate malware works.
Accordingly, the attack behavior of the WhisperGate malware can be divided into three stages.
In the first stage, the malicious code destroys the Master Boot Record (MBR), making the victim’s operating system unbootable. At boot, a message appears on the screen asking the victim to transfer money.
|The startup screen of the computer infected with the WhisperGate malware will display information asking the user to transfer $10,000 in Bitcoin.|
In the second stage, the malware downloads a further malicious payload from a Discord server to the victim’s computer. In the third stage, the newly downloaded malicious code encrypts and destroys all data on the victim’s computer.
The affected files are those with the following extensions:
.HTML .HTM .PHTML .PHP .JSP .ASP .PHPS .PHP5 .ASPX .PHP4 .PHP3 .DOC .DOCX .XLSX .PPT .PPTX .PST .MSG .EML .TXT .CSV .RTF .PDF .DWG .JPEG .JPG .DOCM .DOT .DOTM .XLSM .XLSB .XLW .XLT .XLM .XLC .XLTX .XLTM .PPTM .PPS .PPSM .PPSX .HWP .SXI .SLDM .SLDX .BMP .PNG .GIF .RAW .TIF .TIFF .PSD .SVG .CLASS .JAR .SCH .VBS .BAT .CMD .PAS .CPP .SXM .STD .SXD .ODP .WB2 .SLK .DIF .SXC .ODS .3DM .MAX .3DS .STW .SXW .ODT .PEM .P12 .CSR .CRT .KEY .PFX .DER .OGG .JAVA .INC .INI .PPK .LOG .VDI .VMDK .VHD .MYI .MYD .FRM .SAV .ODB .DBF .MDB .ACCDB .SQL .SQLITEDB .SQLITE3 .LDF .ARC .BAK .TAR .TGZ .RAR .ZIP .BACKUP .ISO .CONFIG
Notably, after destroying all data on the victim’s machine, the malicious code erases itself to cover its traces.
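Because the first stage overwrites the MBR, one practical defensive check is to record a hash of a machine's known-good first sector while it is healthy and compare against it later. The following is an added example written for this article, not CyRadar's code or any tool it describes; the sector contents are constructed samples, and the region offsets assume the classic 512-byte MBR layout (bootstrap code, then a 64-byte partition table at offset 446, then the 0x55AA signature).

```python
import hashlib

SECTOR_SIZE = 512
PT_OFFSET = 446    # bootstrap code: bytes 0..445, partition table: 446..509
SIG_OFFSET = 510   # boot signature 0x55 0xAA: bytes 510..511


def _regions(sector: bytes) -> dict:
    return {
        "bootstrap": sector[:PT_OFFSET],
        "partition_table": sector[PT_OFFSET:SIG_OFFSET],
    }


def record_baseline(sector: bytes) -> dict:
    """Hash each MBR region of a known-good first sector (store the result off-host)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    return {name: hashlib.sha256(data).hexdigest() for name, data in _regions(sector).items()}


def check_mbr(sector: bytes, baseline: dict) -> dict:
    """Compare the current first sector against the baseline and report what changed.

    A changed bootstrap region on a machine that was not re-imaged, or a zeroed
    partition table, is what an MBR-overwriting wiper such as WhisperGate's first
    stage leaves behind. The 0x55AA signature alone proves nothing: a replacement
    loader that prints a ransom note carries a valid signature too.
    """
    current = record_baseline(sector)
    report = {name: current[name] != baseline[name] for name in baseline}
    report["partition_table_zeroed"] = not any(sector[PT_OFFSET:SIG_OFFSET])
    report["signature_present"] = sector[SIG_OFFSET:] == b"\x55\xaa"
    report["suspicious"] = report["bootstrap"] or report["partition_table"]
    return report


# Constructed sample sectors (not real disk contents): a "clean" MBR with one
# bootable partition entry, and a copy whose bootstrap code was replaced by
# loader text and whose partition table was wiped.
_entry = bytes([0x80, 0, 2, 0, 0x83, 0xFE, 0xFF, 0xFF]) + (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little")
CLEAN_MBR = (b"\xfa\x33\xc0" + b"\x90" * 443) + _entry + b"\x00" * 48 + b"\x55\xaa"
WIPED_MBR = b"CONSTRUCTED RANSOM TEXT".ljust(PT_OFFSET, b"\x00") + b"\x00" * 64 + b"\x55\xaa"

if __name__ == "__main__":
    base = record_baseline(CLEAN_MBR)
    print(check_mbr(CLEAN_MBR, base))
    print(check_mbr(WIPED_MBR, base))
```

On a live system the sector would be read from the raw disk device (which needs administrative rights) and the baseline kept somewhere the malware cannot reach, since a wiper that finishes its run will also destroy any on-disk copy.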
|The target of WhisperGate malware is mainly Ukrainian information systems.|
According to security expert Nguyen Minh Hoang, during the analysis CyRadar found Russian characters in the malware’s information. On that basis, the expert assessed that the perpetrators of the attacks using the WhisperGate malware may be Russian hackers whose main target is Ukrainian information systems.
The CyRadar team also said that, to date, there have been no reports of the WhisperGate malicious code attacking systems in Vietnam.
However, to prevent possible unfortunate situations, CyRadar recommends that users and administrators of computer systems update Windows regularly; in its latest version, Windows Defender has added protection against the WhisperGate malware.
The US and Western countries are ready to respond to cyberwar from Russia
It is not only Ukraine that is preparing: facing the possibility that Russia may launch a cyberwar in “retaliation” for sanctions, the US and the West are not sitting idly by either.