DoS:Win32/WhisperGate.C!dha
Aliases: No associated aliases
Summary
Microsoft Defender Antivirus detects this threat.
This threat is designed to look like ransomware but lacks a ransom recovery mechanism. It is designed to render targeted devices inoperable rather than to obtain a ransom. It belongs to a destructive malware operation targeting multiple Ukrainian organizations.
Read the following blog for more information:
If you have cloud-delivered protection, your device gets the latest defenses against new and unknown threats. If you don't have this feature enabled, update your antimalware definitions, run a full scan, and do the following:
- Use the included indicators of compromise to investigate whether they exist in your environment and assess for potential intrusion.
- Review all authentication activity for remote access infrastructure, with a particular focus on accounts configured with single-factor authentication, to confirm authenticity and investigate any anomalous activity.
- Enable multifactor authentication (MFA) to mitigate potentially compromised credentials and ensure that MFA is enforced for all remote connectivity. NOTE: Microsoft strongly encourages all customers to download and use passwordless solutions like Microsoft Authenticator to secure accounts.
- Stop suspicious processes, isolate affected devices, decommission compromised accounts or reset passwords, block IP addresses and URLs, and install security updates.
- Contact your incident response team, or contact Microsoft support for investigation and remediation services.
You can also search the Microsoft virus and malware community for more help.