Since January 13th, new attacks that combine a destructive MBRLocker with a data-corrupting malware have been used to destroy the victim’s data intentionally. Microsoft calls this new malware family ‘WhisperGate’ and explains in a report that it is conducted through two different destructive malware components. The first component is launched from the C:\PerfLogs, C:\ProgramData, C:\, or C:\temp folders and overwrites the Master Boot Record to display a ransom note. The second component is executed simultaneously to download a data-destroying malware named Tbopbh.jpg hosted on Discord that overwrites targeted files with static data.

Source: https://www.bleepingcomputer.com/news/security/microsoft-fake-ransomware-targets-ukraine-in-data-wiping-attacks/