Security News > 2022 > December > New CryWiper malware wipes data in attack against Russian org
A previously undocumented data wiper named CryWiper is masquerading as ransomware, extorting victims to pay for a decrypter, but in reality, it just destroys data beyond recovery.
CryWiper was first discovered by Kaspersky this fall, seen in attacks against organizations in the Russian Federation.
"In the fall of 2022, our solutions detected attempts by a previously unknown Trojan, which we named CryWiper, to attack an organization's network in the Russian Federation," explains the new report by Kaspersky.
As the code analysis reveals, the data-wiping function of CryWiper isn't a mistake but a purposeful tactic to destroy targets' data.
CryWiper will stop critical processes related to MySQL, MS SQL database servers, MS Exchange email servers, and MS Active Directory web services to free locked data for destruction.
Even though CryWiper is not ransomware in the typical sense, it can still cause severe data destruction and business interruption.
News URL
Related news
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)
- E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries (source)