"Wiper, Disguised as Fake Ransomware, Targets Russian Orgs"

CryWiper is a new malicious program that functions similarly to crypto-ransomware. It overwrites and renames files, then drops a text file containing a ransom note and a Bitcoin address. However, the program actually deletes the contents of a victim's files. Researchers have found that the program currently targets Russian organizations but could easily be used against companies and organizations in other countries. According to the researchers, the camouflaged wiper continues a trend of ransomware being used as a wiper, either intentionally or inadvertently. Wiper malware, which deletes critical data, has become a significant threat to both the private and public sectors. Russian agencies have used wipers in the conflict with Ukraine in an attempt to disrupt the country's critical services and defensive coordination. A decade ago, Iran used the Shamoon wiper program to encrypt and render inoperable over 30,000 hard drives at Saudi Aramco, the state-owned oil conglomerate of rival Saudi Arabia. CryWiper appears to be original malware, but it employs the same Pseudo-Random Number Generator (PRNG) algorithm as IsaacWiper, a program used to attack public-sector organizations in Ukraine. The email address in the note that CryWiper leaves after corrupting data was also used by several Xorist ransomware variants and the Trojan-Ransom.MSIL.Agent family, but Trellix believes this was done to cause confusion. This article continues to discuss the CryWiper program aimed at Russian targets.

Dark Reading reports "Wiper, Disguised as Fake Ransomware, Targets Russian Orgs"

Submitted by Anonymous on