Researchers have found a new type of destructive wiper malware affecting computers in Ukraine, making it at least the third strain of wiper to have hit Ukrainian systems since the Russian invasion began.
The malware, dubbed CaddyWiper, was discovered by researchers at Slovakia-based cybersecurity company ESET, who shared details in a tweet thread posted Monday.
According to the researchers, the malware erases user data and partition information from any drives attached to a compromised system. Sample code shared on Twitter shows the malware corrupts files on the system by overwriting them with null byte characters, making them unrecoverable.
So far, the number of cases in the wild appears to be small, and ESET's research had found one corporation being targeted with CaddyWiper, Boutin said.
ESET research has previously uncovered other strains of wiper malware targeting computers in Ukraine. The first strain, labeled HermeticWiper by researchers, was discovered on February 23rd, one day before Russia began the military invasion of Ukraine. Another wiper called IsaacWiper was deployed in Ukraine on February 24th.
However, a timeline shared by ESET suggests that both IsaacWiper and HermeticWiper had been in development for months before their release.
Wiper programs share some similarities with ransomware in terms of their ability to access and modify files on a compromised system. However, unlike ransomware, which encrypts data on a disk until a ransom is paid to the attackers, wipers permanently delete disk data and provide no way to recover it. This shows that the objective of the malware is purely to cause damage to the target rather than to extract any financial reward for the attacker.
While pro-Russia hackers have used malware to destroy data on Ukrainian computer systems, some hackers who support Ukraine have taken the opposite approach, leaking records from Russian organizations and government agencies as an offensive tactic.
Overall, large-scale cyber warfare has so far failed to materialize in the Russia-Ukraine conflict, but big attacks may still be in store. In the US, the Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory to businesses warning that they could be affected by the same type of destructive malware being used in Ukraine.