Malware Destroys Data in Russian Courts and Municipal Governments

Its goal is complete data erasure from the compromised device.

Russia's municipal government and judicial system have become the latest targets of a sophisticated malware strain.

CryWiper masquerades as ransomware to extract a small amount of money from victims, reportedly around 0.5 bitcoin, or $9,000 at press time.

However, TechRadar reported that it is intended to delete all data on the infected endpoint regardless of whether or not the ransom is paid.

Malicious Software

Kaspersky Labs, a cybersecurity firm, has discovered "pinpoint" cyberattacks in Russia in which the malware appends a new suffix, .cry, to the files it hits (hence the name CryWiper).

The number of compromised institutions is unknown, but local media said they included the mayor's offices and courts around the nation.

Reports indicate that this malicious software shares characteristics with two other strains of malware: the Trojan-Ransom.Win32.Xorist (or simply Xorist) and Trojan-Ransom.MSIL.Agen.

The ransom letter for each of them carries the same email address. Xorist, first spotted in 2010, is a Windows ransomware family that mostly affects victims in Russia and the US.


Wiper Virus

According to Ars Technica, the wiper virus has become more prevalent over the last decade.

The Saudi oil company Saudi Aramco and the Qatari gas company RasGas were both severely damaged by the 2012 wiper known as Shamoon. Multiple Saudi Arabian businesses were hit by a new strain of Shamoon four years after the first incident.

In 2017, a self-replicating virus known as NotPetya resulted in an estimated $10 billion in damage throughout the world in a couple of hours.

In the past year, a lot of new types of wiper malware have emerged. DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, and RuRansom are all examples of such viruses.

The Attackers

According to the Ars Technica report, CryWiper being built in C++ is very rare and suggests the threat actors may have used a non-Windows computer to create the malware.

The same source compared this virus to the wiper software known as IsaacWiper, which has lately been attacking companies in Ukraine. Both wipers seem to employ the same technique to produce the pseudo-random numbers that are used to overwrite the files, rendering them unusable.

The attackers' use of the Mersenne Twister PRNG method is another unusual aspect of their attacks.
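The overwrite technique described above is what makes the ransom demand hollow: a file filled with PRNG output carries no trace of its original content, so there is nothing a key could decrypt. The triage script below is an added example, not code from Kaspersky, Ars Technica, or the malware; it walks a constructed sample directory, flags files carrying the .cry suffix, and uses byte entropy (an assumed threshold of 7.5 bits/byte) to separate files that were merely renamed from files whose content looks like a random fill and must be restored from backup.

```python
import math
import os
import random
import tempfile
from collections import Counter
CRY_SUFFIX = ".cry"    # suffix the report says CryWiper appends
HIGH_ENTROPY = 7.5     # bits/byte; assumed threshold for "looks like random fill"

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_file(path: str) -> dict:
    """Classify one file; verdict labels are this example's own convention."""
    with open(path, "rb") as fh:
        data = fh.read()
    ent = shannon_entropy(data)
    renamed = path.endswith(CRY_SUFFIX)
    if renamed and ent >= HIGH_ENTROPY:
        verdict = "wiped"          # PRNG fill: no key exists, restore from backup
    elif renamed:
        verdict = "renamed-only"   # suffix added but content still structured
    else:
        verdict = "intact"
    return {"path": path, "entropy": round(ent, 2), "verdict": verdict}

def triage_tree(root: str) -> dict:
    """Map each file under root (relative path) to its verdict."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            results[os.path.relpath(p, root)] = triage_file(p)["verdict"]
    return results

def build_sample_tree() -> str:
    """Constructed sample directory standing in for a hit workstation."""
    root = tempfile.mkdtemp(prefix="crywiper_triage_")
    text = b"Court filing 2022-11-30: hearing rescheduled to next week.\n" * 70
    # Python's random module is itself MT19937-based, so this mimics the
    # Mersenne Twister fill the report describes (seed value is arbitrary).
    rng = random.Random(2022)
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    samples = {"filing.docx": text, "filing.docx.cry": noise, "notes.txt.cry": text}
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root
```

Running `triage_tree(build_sample_tree())` labels the random-filled .cry file as wiped and the renamed-but-readable one as renamed-only; on a real incident the verdicts tell the responder which files can only come back from backup.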

Protecting Your Devices

The objective of wipers, among the most severe types of malware, is to destroy all data on the infected device. Wi-Fi and other network vulnerabilities are routinely used in successful wiper attacks.

Users may protect themselves against these types of assaults by constantly using the most up-to-date versions of their operating system, web browser, and other installed applications.

Maintaining cutting-edge protections against cyber threats is always a good idea.

Kaspersky recommended further safety measures for network administrators, such as endpoint protection with behavioral file analysis, dynamic analysis of mail attachments with malware prevention, and threat monitoring.

Trisha Andrada
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.