"Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon'"

More than ten years after the "Shamoon" virus rendered nearly 30,000 client and server systems at Saudi Aramco inoperable, destructive wiper malware remains a major threat to enterprise organizations. Max Kersten, a malware analyst at Trellix, recently examined more than 20 wiper families that threat actors have used in various attacks since the year's beginning. Kersten's analysis compared the technical aspects of the various wipers, including their similarities and differences. It covered wipers used extensively by threat actors against Ukrainian targets, particularly just before Russia invaded the country, as well as more generic wipers found in the wild. His research revealed that wipers have evolved very differently from other types of malware tools since Shamoon. The malware that threat actors use in espionage campaigns has become increasingly sophisticated and complex over time, whereas wipers have evolved very little, despite remaining as destructive as ever. Kersten believes that much of this is due to how and why threat actors use them. In contrast to spyware and other malware built for targeted attacks and cyber espionage, wipers give adversaries little incentive to develop new functionality for hiding them on a network once they have been snuck onto it in the first place. Wipers, by definition, work to erase or overwrite data on computers and are thus loud and visible once launched. This article continues to discuss findings from Kersten's in-depth analysis of system-destroying malware families.

Dark Reading reports "Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon'"

Submitted by Anonymous on