Saturday, July 2, 2022

Researchers find new destructive wiper malware in Ukraine


Shreya Christina

Researchers have discovered a new type of destructive wiper malware that affects computers in Ukraine, making it at least the third kind of wiper to hit Ukrainian systems since the Russian invasion began.

The malware, called CaddyWiper, was found by researchers at Slovakia-based cybersecurity firm ESET, who shared details in a tweet thread posted on Monday.

According to the researchers, the malware wipes user data and partition information from all drives attached to a compromised machine. Sample code shared on Twitter suggests that the malware corrupts files on the machine by overwriting them with null byte characters, making them unrecoverable.

“We know that if the wiper works, it effectively renders the system useless,” Jean-Ian Boutin, Head of Threat Research at ESET, told The Verge. “However, it is unclear at this time what the overall impact of this attack is.”

So far, the number of cases in the wild appears to be small, and ESET’s investigation has observed one organization targeted by CaddyWiper, Boutin said.

ESET research has previously uncovered two other types of wiper malware targeting computers in Ukraine. The first strain, labeled HermeticWiper by researchers, was discovered on February 23, a day before Russia began its military invasion of Ukraine. Another wiper, known as IsaacWiper, was deployed in Ukraine on February 24.

However, a timeline shared by ESET suggests that both IsaacWiper and HermeticWiper were in development for months before they were released.

[Figure: A timeline of the development of IsaacWiper and HermeticWiper. Credit: ESET research]

Wiper programs share some similarities with ransomware in their ability to access and modify files on a compromised system. But unlike ransomware, which encrypts data on a drive until a fee is paid to the attackers, wipers permanently erase disk data and leave no way to recover it. This means that the purpose of the malware is purely to inflict damage on the target, not to earn a financial reward for the attacker.

While pro-Russian hackers have used malware to destroy the data on Ukrainian computer systems, some hackers who support Ukraine have taken the opposite approach, leaking data from Russian companies and government agencies as an offensive tactic.

Overall, large-scale cyber warfare has so far failed to take off in the Russia-Ukraine conflict, but it is possible that even bigger attacks are on the way. In the US, the Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory warning organizations that they could be hit by the same type of destructive malware used in Ukraine.
