• Devious new malware poses as ransomware to wipe Russian court dat

    From TechnologyDaily@1337:1/100 to All on Mon Dec 5 13:00:04 2022
    Devious new malware poses as ransomware to wipe Russian court data

    Date:
    Mon, 05 Dec 2022 12:41:54 +0000

    Description:
    CryWiper has no intention of releasing encrypted data, with its only goal to cause as much damage as possible.

    FULL STORY ======================================================================

    Public organizations in Russia, including mayoral offices and courts, are being targeted by a brand new and quite devious malware variant.

    CryWiper poses as ransomware, trying to extort a little money out of the victims (0.5 bitcoin, or roughly $9,000 at press time), but its goal is not
    to get paid - it's to destroy all the files found on the infected endpoint.

    Cybersecurity researchers from Kaspersky are reporting pinpoint cyberattacks in Russia, in which infected files get a new extension - .cry (hence the name CryWiper). While local media said the attackers were
    targeting mayors' offices and courts in the country, it's not known exactly
    how many entities they managed to compromise.

    Russians targeting Russians?

    What we do know is that the malware shares common traits with two other malware strains - Trojan-Ransom.Win32.Xorist and Trojan-Ransom.MSIL.Agent.
    All of these have the same email address listed in the ransom note. Xorist
    was first seen in 2010, and is described as a Windows ransomware family targeting Russian-speaking and English-speaking users.

    CryWiper was written in C++ which, according to Ars Technica, is an unusual choice and points to the possibility of the threat actors using a non-Windows device to write the code.

    The same publication also states that the malware is relatively similar to IsaacWiper, a wiper malware that was recently targeting Ukraine-based businesses. Apparently, both wipers use the same algorithm to generate the pseudo-random numbers that overwrite the data in the files, corrupting them permanently.

    The attackers are allegedly using the Mersenne Vortex PRNG algorithm, which
    is another uncommon trait.

    Wipers are among the most dangerous malware variants out there, as their sole purpose is to wipe all of the data on the target endpoint, permanently. To defend against such attacks, users are advised to be careful when downloading email attachments and to make sure their software and hardware are always up
    to date. Having state-of-the-art cybersecurity solutions is also advised.

    Via: Ars Technica



    ======================================================================
    Link to news story: https://www.techradar.com/news/devious-new-malware-poses-as-ransomware-to-wipe-russian-court-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)