Wiper malware destroyed data of multiple Russian government agencies

The cybersecurity company Kaspersky Labs has found “pinpoint” cyberattacks in Russia, and they have given files that are infected with a new suffix called.cry (hence the name CryWiper).

It is uncertain how many institutions have been penetrated, however local media have reported that some of those institutions include courts and mayor’s offices around the country.

According to some reports, this dangerous program has traits in common with two other types of malware, which are known together as the Trojan-Ransom.

The email address of one of them is included in the ransom note sent to all of them. The Windows ransomware family known as Xorist was discovered for the first time in 2010. Its victims are mostly located in the United States and Russia.

The local governments of Russia and the country’s court system have just become the latest targets of such a sophisticated strain of malware.

CryWiper is malicious software that poses as ransomware in order to trick users into paying a very tiny sum of money (about 0.5 bitcoin, or around $9,000 at the time of this publication).

However, experts have indicated that its purpose is to wipe all data on the infected endpoint regardless of whether or not the ransom is paid. This is the case even if the ransom is paid.

The fact that CryWiper was coded in C++, an extremely uncommon programming language, shows that the threat actors behind it utilized a computer operating system other than Windows to develop the malicious software.

This malware has been likened to the wiper software known as IsaacWiper, which has recently been targeting businesses in Ukraine. The comparison was made in the same source. Both wipers seem to make use of the same methodology in order to generate the seemingly random numbers that are then applied to the files in order to overwrite them and render them useless.

One further peculiar feature of the attackers’ strategies is that they employ a Mersenne Vortex PRNG to generate random numbers. Over the course of the last ten years, the wiper virus has grown more widespread.

Both the Saudi oil business Saudi Aramco and the Qatari gas company RasGas suffered significant damages as a result of the wiper that occurred in 2012 and was known as Shamoon. Four years after the first outbreak of the Shamoon malware, many companies in Saudi Arabia were struck by a new strain.

In 2017, a self-replicating type of malware called NotPetya caused an estimated $10 billion in damages all across the globe in only a few of hours.

Over the course of the previous year, several new forms of wiper malware have been developed. Several instances of malware that fall into this category are DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, and RuRansom.

Wipers are among the most malicious forms of malware since their purpose is to erase all of the information from the device that has been infected. Wi-Fi and other network weaknesses are often exploited in successful wiper attacks.

Users have the ability to defend themselves against attacks of this kind by ensuring that they are always using the most recent version of their operating system, web browser, and any other software that they have installed.

Always a good idea is to make sure that your defenses against cyber attacks are up to date and cutting edge.