Security News > 2022 > December > New CryWiper malware wipes data in attack against Russian org
A previously undocumented data wiper named CryWiper is masquerading as ransomware, extorting victims to pay for a decrypter, but in reality, it just destroys data beyond recovery.
CryWiper was first discovered by Kaspersky this fall, seen in attacks against organizations in the Russian Federation.
"In the fall of 2022, our solutions detected attempts by a previously unknown Trojan, which we named CryWiper, to attack an organization's network in the Russian Federation," explains the new report by Kaspersky.
As the code analysis reveals, the data-wiping function of CryWiper isn't a mistake but a purposeful tactic to destroy targets' data.
CryWiper will stop critical processes related to MySQL, MS SQL database servers, MS Exchange email servers, and MS Active Directory web services to free locked data for destruction.
Even though CryWiper is not ransomware in the typical sense, it can still cause severe data destruction and business interruption.
News URL
Related news
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Disney Slack attack wasn't Russian protesters, just a Cali dude with malware (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Russians lure European diplomats into malware trap with wine-tasting invite (source)
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- New Android malware steals your credit cards for NFC relay attacks (source)