Microsoft said by the end of Saturday that it had identified dozens of computer networks in Ukrainian government institutions and organizations infected with malware and malicious computer programs hidden as ransomware.
The malware program has targeted many organizations in Ukraine, including government agencies that provide high-level branch or emergency response services, and is designed to disable computers when attacked by the attacker, Microsoft said.
“Our research teams have identified a malware program on many of the affected systems and that number could grow as our investigation progresses,” Microsoft said in a blog post on Saturday. “These programs include government, non-profit organizations and information technology, all based in Ukraine.”
The operation was discovered Thursday, Microsoft said, coinciding with a major cyberattack attack that simultaneously damaged dozens of Ukrainian government sites with a message warning Ukrainians to “fear and expect the worst.”
Microsoft’s announcement comes amid growing tensions with Russia after Moscow rallied around 100,000 troops near its border with Ukraine, sparking fears of an attack.
Ukraine’s security official told Reuters on Saturday that the government believed that hijacking groups linked to Russia’s intelligence service had carried out the cyberattack attack on government websites. Moscow has repeatedly denied involvement in the cyber-attack against Ukraine.
In 2017, Russian troops were blamed for a massive NotPetya ransomware attack, which targeted Ukrainian government, financial institutions and forces and caused more than $ 10 billion worth of damage worldwide. The US said the attack, which it described as “the most destructive and costly cyber attack in history,” was part of the Kremlin’s attempts to overthrow Ukraine.
The malware program “works when the associated device is down,” said Microsoft, a common response to ransomware infection to prevent it from spreading further. Microsoft has said it has not been able to determine the purpose of the malicious activity or to identify the unique features that link you to the known and intimidating characters.