Microsoft has released a blog
post on possible Master Boot Record (MBR) Wiper activity
targeting Ukrainian organizations, including Ukrainian government agencies.
According to Microsoft, powering down the victim device executes the malware,
which overwrites the MBR with a ransom note; however, the ransom note is a ruse
because the malware actually destroys the MBR and the targeted files.
CERT Bulgaria recommends network defenders review the Microsoft blog for
tactics, techniques, and procedures, as well as indicators of compromise
related to this activity. CISA additionally recommends network defenders review
recent Cybersecurity Advisories and
the CISA Insights, Preparing
For and Mitigating Potential Cyber Threats.