New CryWiper malware wipes data in attack against Russian org
A previously undocumented data wiper named CryWiper masquerades as ransomware and demands payment from victims for a decrypter, but in reality it simply destroys data beyond recovery.
CryWiper was first discovered by Kaspersky this fall, seen in attacks against organizations in the Russian Federation.
"In the fall of 2022, our solutions detected attempts by a previously unknown Trojan, which we named CryWiper, to attack an organization's network in the Russian Federation," explains the new report by Kaspersky.
As the code analysis reveals, the data-wiping function of CryWiper isn't a mistake but a purposeful tactic to destroy targets' data.
CryWiper will stop critical processes related to MySQL, MS SQL database servers, MS Exchange email servers, and MS Active Directory web services to free locked data for destruction.
Even though CryWiper is not ransomware in the typical sense, it can still cause severe data destruction and business interruption.