According to local media coverage, Russian courts and government agencies were hit by a previously undocumented data-wiping malware known as CryWiper.
The malware was first discovered in August when hundreds of PCs belonging to the Russian Supreme Court, Ministry of Justice and other courts across the country were infected with what was initially thought to be ransomware.
Similar to traditional ransomware, CryWiper displays a ransom message demanding payment to recover encrypted data. In this case, CryWiper demanded that victims pay a ransom in Bitcoin.
However, detailed analysis reveals that CryWiper does not actually encrypt files on the attacked system. Instead, it overwrites them with garbage, deliberately making them unrecoverable (even if the ransom is paid).
CryWiper’s intentional destruction of victims’ data does not generate income for its creators. In the end, rumors quickly spread that victims were unable to recover their data despite paying the ransom, preventing others from making a similarly expensive mistake.
Therefore, it is clear that the main purpose of CryWiper malware is not to make money, but to destroy data and disrupt organizational operations.
If I were a bettor, I would bet that the people responsible for CryWiper specifically targeted Russian systems as part of the ongoing digital conflict between Ukraine and Russia.
Like RURansom, CryWiper is another data wiper disguised as traditional ransomware; RURansom attacked Russian organizations shortly after Russia's invasion of Ukraine.
And such attacks are not all one-sided. Examples of data-wiping malware targeting Ukraine this year include DoubleZero, HermeticWiper, IsaacWiper, WhisperGate, and CaddyWiper.
It is important that all organizations, wherever they are in the world, take steps to reduce their exposure to hackers and to ensure they can get their data back.