GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sat Feb 19, 2022 10:27 pm
Russia is attacking Ukraine government and business sites with disk-wiping malware that pretends to be ransomware. Below is one or more MDB signatures for this malware. Copy the signature(s) to a separate line in a new Notepad or similar text writer file, and then save the file as a file named Sigfile.mdb with a file type of “All Files” in the ClamWin database folder. Make sure the system does not name it with a .txt or .text extension on the end of the file name. ClamWin cannot process signature files with those 2 extensions, and it will give you an error upon scanning. The file should be named only Sigfile.hdb.
After you save the signature file, scan a file somewhere with ClamWin to make sure the signature works okay—sometimes I can make a mistake, and I don't have ClamWin on this Linux computer. If the scan gives you an error, delete this signature file from the database folder. You can add signatures to the top of an existing MDB signature file (just add one blank line and put the signatures there—any lines needed will be added if there is more than one signature). If you add to the bottom of an existing file, you will get a scanning error. Make sure to delete any blank lines between this signature and the old signatures—that will also give a scanning error.
I hope this helps someone. Signatures can last for about a month. Delete them from the database folder after that.
11776:2036a3ec8d69332516af7a45bd0e95d1:Win.Trojan.DataWiper-021922.1614
16896:70b9a687312dfd4588103a2ed8985fdb:Win.Trojan.DataWiper-021922.1617
Regards,
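A pre-check for the signature file described in the post, as an added example that is not part of the original post or of ClamWin. It assumes the three-field `size:MD5:name` layout of the two signatures above, and it treats blank lines and a non-`.mdb` extension as errors because the post reports that they cause scanning errors; the function names and sample values are constructed for illustration.

```python
import re
import sys
from pathlib import Path

MD5_RE = re.compile(r"[0-9a-fA-F]{32}")

def check_mdb_text(text):
    """Return (line_number, problem) pairs for MDB-style signature text."""
    problems = []
    if text.startswith("\ufeff"):
        # Some editors prepend a byte-order mark, which corrupts the size field.
        problems.append((1, "byte-order mark at start of file"))
        text = text[1:]
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            # The post reports that blank lines cause a scanning error.
            problems.append((n, "blank line"))
            continue
        fields = line.split(":")
        if len(fields) != 3:
            problems.append((n, "expected size:md5:name"))
            continue
        size, digest, name = fields
        if not re.fullmatch(r"[0-9]+", size):
            problems.append((n, "size is not a decimal number"))
        if not MD5_RE.fullmatch(digest):
            problems.append((n, "hash is not 32 hex characters"))
        if not name or re.search(r"\s", name):
            problems.append((n, "missing or malformed signature name"))
    return problems

def check_mdb_file(path):
    """Check the file name extension, then the contents."""
    path = Path(path)
    problems = []
    if path.suffix.lower() != ".mdb":
        problems.append((0, "extension is %r, not .mdb" % path.suffix))
    return problems + check_mdb_text(path.read_text(encoding="utf-8"))

if __name__ == "__main__":
    # Constructed sample: placeholder digest, a stray blank line, a short hash.
    sample = "4096:" + "a" * 32 + ":Example.Sig.1\n\n512:abc123:Example.Sig.2\n"
    target = sys.argv[1] if len(sys.argv) > 1 else None
    found = check_mdb_file(target) if target else check_mdb_text(sample)
    for n, problem in found:
        print("line %d: %s" % (n, problem))
    sys.exit(1 if found else 0)
```

Run it with the path to the saved signature file as the only argument; line 0 in the output refers to the file name rather than a line of the file.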