Technical Analysis of the WhisperGate Malicious Bootloader

The displayed message suggests victims can expect recovery of their data, but this is technically unachievable.

January 21, 2022

On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately the same time multiple websites belonging to the Ukrainian government were defaced.

The WhisperGate bootloader malware complements its file-wiper counterpart. Both aim to irrevocably corrupt the infected hosts’ data and attempt to masquerade as genuine modern ransomware operations. However, the WhisperGate bootloader has no decryption or data-recovery mechanism, and has inconsistencies with malware commonly deployed in ransomware operations.

The displayed message suggests victims can expect recovery of their data, but this is technically unachievable. These inconsistencies very likely indicate that WhisperGate activity aims to destroy data on the impacted assets. This assessment is made with moderate confidence as technical analysis of the WhisperGate activity continues.

Read more at CrowdStrike

Homeland Security Today

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

See Full Bio

Stanford University Releases It’s “AI Index 2024 Annual Report”

Shannon Hagy Joins Amivero as Vice President of Business Development

Alpha Omega Appoints Rob Brown as Senior VP of National Security Solutions

ARTICLE: Industry Confidence, the Global Security Market and the Adaptation of the Systems Integrator: Top Takeaways From SIA’s Latest Research

COLUMN: Foresight Finds: Immigration and Customs Enforcement (ICE) Edition

ISC Publishes 2023 Annual Review Highlighting Key Security Insights

2023 DHS Customer Experience Annual Report Reveals Significant Progress and Future Goals

2023 DHS Customer Experience Annual Report Reveals Significant Progress and Future Goals

Technical Analysis of the WhisperGate Malicious Bootloader

Related Articles

1,500 Firearms Intercepted by TSA at US Airports in 3 Months — With a Shocking 93% of Them Loaded

EBT Inc. Wins TSA Gold Standard Award in Suffolk Transit Services

US Soldier Shoots Migrant During Border-Crosser Stabbing Near El Paso as Rising Violence Continues

LEAVE A REPLY Cancel reply

Latest Articles

1,500 Firearms Intercepted by TSA at US Airports in 3 Months — With a Shocking 93% of Them Loaded

EBT Inc. Wins TSA Gold Standard Award in Suffolk Transit Services

US Soldier Shoots Migrant During Border-Crosser Stabbing Near El Paso as Rising Violence Continues

ARTICLE: Advancing Security: Mass Spectrometer’s Superior Detection for Trace Elements in Explosives and Narcotics

Biden Admits Over 400,000 Immigrants Into the US by Expanding ‘Lawful Pathways’