Wiper-type malware 'CaddyWiper' that completely destroys data found in Ukraine, the third since just before the Russian invasion
Unlike spyware, which steals data, and ransomware, which encrypts data and demands money, 'CaddyWiper' is a wiper-type malware whose sole aim is to destroy data, and it has been found in Ukraine. This is the third time that similar malware has been found in Ukraine since February 2022, when the Russian invasion began.
New CaddyWiper data wiping malware hits Ukrainian networks
https://www.bleepingcomputer.com/news/security/new-caddywiper-data-wiping-malware-hits-ukrainian-networks/
Researchers find new destructive wiper malware in Ukraine - The Verge
https://www.theverge.com/2022/3/14/22977873/ukraine-new-destructive-caddywiper-malware-eset
ESET, a cybersecurity company based in Slovakia, which neighbors Ukraine, reported on Twitter on March 15, 2022 that it had first observed CaddyWiper, a wiper-type malware that deletes data.
#BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine 🇺🇦. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7 pic.twitter.com/gVzzlT6AzN
— ESET research (@ESETresearch) March 14, 2022
According to ESET, CaddyWiper will erase user data and partition information from any device connected to the infected machine and overwrite the file data with null byte characters to make it unrecoverable.
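A defender-side triage example for the damage described above, added here and not taken from ESET or the original article: it flags files that consist entirely of null bytes and checks whether the first sector of a disk image has been zeroed. The function names, the constructed sample files, and the use of the MBR boot signature as the marker of an intact sector are assumptions for illustration.

```python
import os
import tempfile

MBR_SIGNATURE = b"\x55\xaa"  # boot signature at offset 510 of an intact MBR sector

def is_null_filled(path, chunk_size=1 << 20):
    """True if the file is non-empty and every byte is 0x00."""
    seen = False
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            seen = True
            if chunk.count(0) != len(chunk):
                return False
    return seen

def partition_sector_state(sector0):
    """Classify the first 512-byte sector of a disk image."""
    if len(sector0) < 512:
        return "unknown"
    if sector0[:512].count(0) == 512:
        return "zeroed"  # partition information is gone
    if sector0[510:512] == MBR_SIGNATURE:
        return "intact"
    return "unknown"

def triage_tree(root):
    """Walk root and return sorted relative paths of null-filled files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if is_null_filled(full):
                    hits.append(os.path.relpath(full, root))
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(hits)

def demo():
    """Triage a constructed sample tree and two constructed sector images."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"report.docx": b"\x00" * 4096, "notes.txt": b"hello", "empty.log": b""}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        good = b"\x00" * 510 + MBR_SIGNATURE  # constructed minimal intact sector
        return triage_tree(root), partition_sector_state(bytes(512)), partition_sector_state(good)

if __name__ == "__main__":
    print(demo())
```

Empty files are deliberately not reported, since a zero-length file carries no evidence of overwriting either way.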
ESET also found code that checks whether a machine is a domain controller, which manages the network, and that prevents the wiper from erasing data on that machine. Regarding this, Bleeping Computer, a news site that covers security information, said, 'This is thought to be a tactic for erasing data on other devices while keeping the intrusion route established in the targeted organization, thereby causing great damage to the organization.'
Interestingly, CaddyWiper avoids destroying data on domain controllers. This is probably a way for the attackers to keep their access inside the organization while still disturbing operations. 5/7 pic.twitter.com/xiXgOMe5wr
— ESET research (@ESETresearch) March 14, 2022
ESET principal investigator Jean-Ian Boutin told IT news site The Verge, 'We know that if this wiper works, the system will be virtually unusable. The overall impact is not yet known.' According to ESET research, CaddyWiper has targeted only one organization so far.
In Ukraine, three malware that focus on data destruction, similar to CaddyWiper, have been found so far. The first is 'WhisperGate', which was found in an attack disguised as ransomware in mid-January 2022, when tensions were rising on the Ukrainian-Russian border. This wiper was discovered by Microsoft.
In addition, ESET discovered the same kind of wiper, 'HermeticWiper', on February 23, the day before the invasion of Ukraine, and 'IsaacWiper' on the day of the invasion.
CaddyWiper does not share any significant code similarity with #HermeticWiper, #IsaacWiper or any other malware known to us. The sample we analyzed was not digitally signed. 3/7 https://t.co/EGp9NnctD9
— ESET research (@ESETresearch) March 14, 2022
So far, there have been no reports of the similar malware identified in Ukraine attacking organizations other than its targets. However, in 2017 ransomware discovered in a cyberattack on Ukraine went on to spread worldwide, so the US Cybersecurity and Infrastructure Security Agency has issued recommendations calling attention to the destructive malware found in Ukraine.