Several variants of wiper malware were discovered during the 2022 Ukraine cyberattacks on computer systems associated with Ukraine. Although it still demanded a ransom, it was found that the code had been significantly modified so that the payload could not actually revert its changes, even if the ransom were successfully paid. The malware infects the master boot record with a payload that encrypts the internal file table of the NTFS file system. In 2017, computers in several countries-most prominently Ukraine, were infected by NotPetya, which is a variant of the Petya ransomware that was a wiper in functional sense. Ī wiping component was used as part of the malware employed by the Lazarus Group-a cybercrime group with alleged ties to North Korea, during the 2013 South Korea cyberattack, and the 2014 Sony Pictures hack. The 2016 variant was nearly identical, except using an image of the body of Alan Kurdi instead. The original variant overwrote files with portions of an image of a burning U.S. The Shamoon malware contained a disk wiping mechanism it was employed in 20 malware attacks targeting Saudi energy companies, and utilized a commercial direct drive access driver known as Rawdisk. While a sample of the alleged malware could not be found, Kaspersky discovered traces of a separate piece of malware known as Flame. ![]() ![]() In 2012, the International Telecommunication Union supplied Kaspersky Lab with hard drives allegedly damaged by Wiper for analysis. ![]() In computer security, a wiper is a class of malware intended to erase (wipe, hence the name) the hard drive or other static memory of the computer it infects, maliciously deleting data and programs.Ī piece of malware referred to as "Wiper" was allegedly used in attacks against Iranian oil companies. Security information and event management (SIEM).Host-based intrusion detection system (HIDS).
0 Comments
Leave a Reply. |