Researchers find new destructive wiper malware in Ukraine

Researchers have discovered a new kind of destructive wiper malware affecting computers in Ukraine, making it at least the third strain of wiper to have hit Ukrainian systems since the Russian invasion began.

The malware, dubbed CaddyWiper, was found by researchers at Slovakia-based cybersecurity firm ESET, who shared details in a tweet thread posted Monday.

According to the researchers, the malware erases user data and partition information from any drives attached to a compromised machine. Sample code shared on Twitter suggests the malware corrupts files on the device by overwriting them with null byte characters, making them unrecoverable.
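For responders, the behaviour described above (file contents replaced with null bytes while the file keeps its old size) is a useful triage indicator. The following is an added example, not code from the article or from ESET: a small Python sweep that walks a directory tree and reports files that are non-empty but consist entirely of 0x00 bytes. The sample directory it builds is constructed test data; the chunked read keeps memory use flat on large files, and a single non-null byte rules a file out.

```python
"""Triage helper: find files whose contents are entirely null bytes.

Added example (not from the article or ESET). It assumes only the
behaviour described above: the wiper overwrites file contents with 0x00.
"""
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB chunks so large files never load into memory whole


def is_zero_filled(path):
    """Return True if the file is non-empty and every byte in it is 0x00."""
    size = os.path.getsize(path)
    if size == 0:
        return False  # a genuinely empty file is normal; a wiped one keeps its old size
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return True  # reached EOF without seeing a non-null byte
            # bytes.count(0) counts 0x00 bytes; any other byte rules the file out
            if chunk.count(0) != len(chunk):
                return False


def find_zeroed_files(root):
    """Walk root and return sorted relative paths of fully zeroed regular files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # only inspect regular files, never follow links
            try:
                if is_zero_filled(full):
                    hits.append(os.path.relpath(full, root))
            except OSError:
                continue  # unreadable file: note it elsewhere, don't abort the sweep
    return sorted(hits)


def build_sample_tree():
    """Constructed sample data: a temp dir with two 'wiped' files and three that are not."""
    root = tempfile.mkdtemp(prefix="wiper_triage_")
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "docs", "report.docx"), "wb") as fh:
        fh.write(b"\x00" * 4096)            # wiped: old size retained, all nulls
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"\x00" * (CHUNK + 17))    # wiped, and larger than one read chunk
    with open(os.path.join(root, "config.ini"), "wb") as fh:
        fh.write(b"[main]\nkey=value\n")     # intact
    with open(os.path.join(root, "empty.log"), "wb"):
        pass                                 # legitimately empty, not a hit
    with open(os.path.join(root, "mostly.bin"), "wb") as fh:
        fh.write(b"\x00" * 1000 + b"\x01")  # one non-null byte rules it out
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for rel in find_zeroed_files(sample):
        print("zeroed:", rel)
```

Run it against a mounted image or a suspect directory by passing that path to find_zeroed_files; a long list of zeroed files with plausible original sizes is the pattern to look for, while isolated hits can be legitimate (sparse files, pre-allocated logs) and need a second look.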

“We know that if the wiper works, it will effectively render the system useless,” Jean-Ian Boutin, head of threat research at ESET, told The Verge. “However, it is unclear at this point what is the overall impact of this attack.”

So far, the number of cases in the wild appears to be small, and ESET’s research had observed one organization being targeted with CaddyWiper, Boutin said.

ESET research has previously uncovered two other strains of wiper malware targeting computers in Ukraine. The first strain, labeled HermeticWiper by researchers, was discovered on February 23rd, one day before Russia began the military invasion of Ukraine. Another wiper known as IsaacWiper was deployed in Ukraine on February 24th.

However, a timeline shared by ESET suggests that both IsaacWiper and HermeticWiper were in development for months before their release.

[Figure: A timeline of IsaacWiper and HermeticWiper development, showing the oldest known samples compiled in October 2021 and December 2021 respectively. Source: ESET research]

Wiper programs share some similarities with ransomware in terms of their ability to access and modify files on a compromised system, but unlike ransomware, which encrypts data on a disk until a ransom fee is paid to the attackers, wipers permanently delete disk data and give no way to recover it. This means the objective of the malware is purely to cause harm to the target rather than to extract any financial reward for the attacker.

While pro-Russia hackers have used malware to destroy the data on Ukrainian computer systems, some hackers who support Ukraine have taken the opposite approach, leaking data from Russian businesses and government agencies as an offensive tactic.

Overall, large-scale cyberwarfare has so far failed to materialize in the Russia-Ukraine conflict, but it’s possible that larger attacks are still in store. In the US, the Cybersecurity and Infrastructure Agency (CISA) has published an advisory to organizations warning that they could be impacted by the same kind of destructive malware being used in Ukraine.