top of page

Wiper malware threat to continue this year

Last year witnessed an increase in destructive wiper malware with researchers identifying 12 new variants across the threat landscape in 2022 alone...and there's more to come in 2023!



Wiper malware attacks are particularly dangerous as the primary aim is to permanently delete files found on a victim’s network, thus eliminating the chances of retrieving data back.


Since resurfacing, wiper malware has leveraged multiple techniques that are used to evade detection and analysis.


Many of the wiper malware samples analysed so far have posed as ransomware, meaning they leverage many of the same techniques, but without the possibility of file recovery. These include encrypting files, providing a Bitcoin address for payment, and delivering a ransom note.


However, in reality, a wiper is leveraged with the main aim of simply destroying data using a range of techniques including encrypting files and destroying the key, overwriting the Master Boot Record of the targets disk, overwriting the Master File Table and the use of third-party tooling.


As the Ukrainian counteroffensive progressed, this fueled an increase in wiper malware to destroy data from networks of organisations involved in power generation, water supply, and the transportation of people and goods.


One example is “CaddyWiper”, a variant that was used shortly after the conflict started to erase data and partition information from drives on systems belonging to a small number of Ukrainian organisations.



Other malware wiper families have been discovered also obtaining a Pro-Russian motive, such as HermeticWiper and IsaacWiper.


However, wiper malware attacks have also been observed spilling over and targeting countries outside of Russia and Ukraine.


Although attacks observed so far have been widely used to aid the Russia-Ukraine cyber offensive, it is highly likely there will be an increase in wiper malware attacks throughout 2023 for a range of differing motives due to their newfound popularity.


Motivations could range from financial gain, sabotage, destruction of evidence and the continued cyberwar.


Given the 12 malware families identified this past year, it is almost certain the threat of malware wipers will remain this year.


However, the unexpected surge in this malware makes it more difficult to protect against attacks as there has been limited detections.


There are several best practices that organisations are urged to implement to minimise the impact of wiper malware including sufficient backups, network segmentation and appropriate disaster recovery and incident response plans.


 

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

 

Comments


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page