Increased Wiper Malware Threat

wiper Mar 30, 2022

As Russia steps up its cyberattacks on Ukraine alongside its military invasion, governments in the West are worried the situation could spill over into other countries, becoming an all-out cyberwar. Russia has been blamed for a number of cyberattacks targeting Ukraine’s government and banking systems since they began their invasion. And Wiper malware is looking like another thing we all have to be vigilant about.

Slovakia-based cybersecurity firm ESET announced they had discovered a new type of destructive wiper malware affecting computers in Ukraine, making it at least the third strain of wiper to have hit Ukrainian systems since the Russian invasion began

This new variant, called CaddyWiper was discovered in mid-March. Other known variants HermeticWiper (discovered 2021), and IsaacWiper (discovered late 2019) have been massed deployed during the Ukraine conflict also.

Wiper malware is not a new thing, its possibly been around since 2012. Perhaps the most well known variant is the Petya/Not Petya which did the rounds in 2016. Often referred to as ransomware, it was considered by many as a wiper masquerading as ransomware.

Wiper programs share some similarities with ransomware in terms of their ability to access and modify files on a compromised system, but unlike ransomware — which encrypts data on a disk until a release fee is paid to attackers — wipers permanently delete disk data and give no way to recover it. This means the objective of the malware is purely to cause damage to the target rather than extract any financial reward for the attacker.

Large-scale cyberwarfare has yet to materialise outside of t Russia-Ukraine conflict. But many are urging vigilance, In the US, the Cybersecurity and Infrastructure Agency (CISA) has published and advisory to organisations warning that they could be impacted by the same type of destructive malware being used in Ukraine.

More information below.

https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-ukraine-hit-by-destructive-attacks-before-and-during-the-russian-invasion-with-hermet/

https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/

https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/

https://www.cisa.gov/news/2022/02/26/cisa-and-fbi-publish-advisory-protect-organizations-destructive-malware-used

Deano

Deano is part of vBridge's amazing infrastructure team, who are responsible for keeping the lights on, and making sure your IaaS experience is a happy and productive one.