Security | 15.03.2022

Destructive Wiper malware discovered in Ukraine

Cybersecurity researchers at ESET discovered a new form of wiper malware circulating in Ukraine.

Dubbed CaddyWiper, ESET said that this is the third strain of the destructive malware deployed in the country.

According to ESET, CaddyWiper erases user data and partition information from attached drives.

The cybersecurity research organisation explained that the malware shares no significant code with the previous wipers deployed in Ukraine and that the sample analysed was not digitally signed.

It also noted that CaddyWiper avoids deleting data on domain controllers. ESET believes this allows the “attackers to keep their access inside the organisation while still disturbing operations.”

Telemetry data indicates that the malware was compiled on the same day it was deployed.

The Verge reported that sample code from CaddyWiper indicates that the malware destroys files by overwriting them with null byte characters. This results in the files being unrecoverable.

“We know that if the wiper works, it will effectively render the system useless,” ESET’s head of threat research, Jean-Ian Boutin, told The Verge.

“However, it is unclear at this point what is the overall impact of this attack.”

CaddyWiper was distributed similarly to HermeticWiper, which targeted multiple Ukrainian organisations on Wednesday, 23 February.

The HermeticWiper cyberattack occurred a few hours before the start of the invasion of Ukraine by Russian Federation forces.

One day later, a second attack on a Ukrainian government network began. The attack made use of IsaacWiper, so named by ESET.

Wiper programs are similar to ransomware in their ability to infect and corrupt files on a system.

However, ransomware encrypts data until a ransom is paid to the attackers, while wipers permanently destroy disk data.

