Microsoft Security Intelligence
Published Jan 15, 2022 | Updated Jan 15, 2022


Detected by Microsoft Defender Antivirus

Aliases: No associated aliases


Microsoft Defender Antivirus detects this threat. 

This threat is designed to look like ransomware but lacks a ransom recovery mechanism. It is designed to render targeted devices inoperable rather than to obtain a ransom. It belongs to a destructive malware operation targeting multiple Ukrainian organizations.

Read the following blog for more information:


If you have cloud-delivered protection, your device gets the latest defenses against new and unknown threats. If you don't have this feature enabled, update your antimalware definitions, run a full scan, and do the following:

  • Use the included indicators of compromise to investigate whether they exist in your environment and assess for potential intrusion.
  • Review all authentication activity for remote access infrastructure, with a particular focus on accounts configured with single factor authentication, to confirm authenticity and investigate any anomalous activity.
  • Enable multifactor authentication (MFA) to mitigate potentially compromised credentials and ensure that MFA is enforced for all remote connectivity. NOTE: Microsoft strongly encourages all customers to download and use password-less solutions like Microsoft Authenticator to secure accounts.
  • Stop suspicious processes, isolate affected devices, decommission compromised accounts or reset passwords, block IP addresses and URLs, and install security updates.
  • Contact your incident response team, or contact Microsoft support for investigation and remediation services.

You can also search the Microsoft virus and malware community for more help.
