All the ransomware, none of the recovery capabilities.
Microsoft reports that Ukrainian organizations are being targeted by malware that masquerades as ransomware but lacks the ability to recover data even if victims decide to pay the attackers. The report is based on information gathered by the Microsoft Threat Intelligence Center (MSTIC), Digital Security Unit (DSU), Detection and Response Team (DART), and Microsoft 365 Defender Threat Intelligence Team. (Which has no acronym, for obvious reasons.) Microsoft says its many teams „are working to create and implement detections for this activity.“ „At present and based on Microsoft visibility,“ the company says in a blog post about its findings, „our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues. These systems span multiple government, non-profit, and information technology organizations, all based in Ukraine.“ Microsoft is currently tracking these attacks as DEV-0586. The „DEV“ designation indicates that this is „a temporary name given to an unknown, emerging, or a developing cluster of threat activity, allowing MSTIC to track it as a unique set of information until we reach a high confidence about the origin or identity of the actor behind the activity,“ the company explains.
