Wiper Malware Archives

Wiper Malware is Quickly Becoming a Major Threat

Backup, Cyber Security, email security, Ophtek, segmenting network, Wiper Malwarebackup, Cyber Security, email security, Ophtek, segmenting network, wiper malwareOphtek, LLC

Apr 2023

The world of malware evolves rapidly, sometimes from one day to another, but one of the most recent surges in popularity has been found in wiper malware.

You may not be familiar with wiper malware, but it’s a form of attack which has been steadily generating headlines over the last year. And the most recent data from FortiGuard Labs shows there was a 53% in wiper malware activity between Q3 to Q4 in 2022. Any increase in malware activity should be a concern, but anything which is over 50% represents a significant threat. This threat becomes magnified further when you consider the impact of wiper malware. Accordingly, there’s never been a more pressing time to learn about wiper malware.

What is Wiper Malware?

Wiper malware gets its name from its purpose of completely erasing all data from hard drives. Although it may seem similar to ransomware, wiper malware typically demands a fee in exchange for data recovery, but in reality, there is no chance of retrieving the data from the attackers. This type of cyber-attack is highly destructive and can cause harm not only to security but also to IT infrastructures.

Why is Wiper Malware Surging?

The initial surge in wiper malware, first observed in the first half of 2022, was attributed to the war in Ukraine. Most of this activity was the result of advanced persistent threat (APT) hacking groups from Russia supporting their governments campaign in Ukraine. And, as this conflict is still ongoing, the wiper malware threat has remained.

However, Fortinet has observed that the range of threat actors implementing wiper malware has now widened. So, as well as APT groups, wiper malware is also being unleashed by threat actors seeking financial gain and hacktivists looking to push political agendas. The research conducted by Fortinet also indicates that this surge currently shows no signs of slowing down, so it’s a threat which appears here to stay.

How Do You Combat Wiper Malware?

You may not feel as though your organization is a typical target for wiper malware, but this could quickly change due to the increased adoption of wiper malware. Therefore, you need to make sure you’re prepared for this type of attack:

Act promptly: In the event of a wiper malware attack, it’s crucial to begin segmenting your network to minimize the malware’s spread. This approach may not protect all your data, but it can help salvage significant portions. Additionally, keep a constant eye on your network for any unusual activities to prompt you into launching contingency efforts in such situations.

Ensure Careful Backups: one of the best ways to reduce the impact of a wiper malware attack is by taking proper backup measures. As malware can easily spread through networks, it’s essential to keep backups on isolated networks. Furthermore, it’s important to have multiple backups stored on different mediums to safeguard your data.

Beware of Email Threats: Malware distribution through email is a common method, and it’s easy to become a victim of such attacks. Even a momentary lapse in attention, such as not verifying a link correctly, can lead to an infection. Therefore, always hover over links to confirm their destination and, if in doubt, seek assistance from an IT professional.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Ukraine Hit by Wiper Malware

Backup, email links, Ophtek, Segment Network, Ukraine, Wiper Malwarebackup, email links, Ophtek, segment network, Ukraine, wiper malwareOphtek, LLC

Mar 2022

As with all aspects of modern life, everything is a target for cybercriminals, even war. And this has been demonstrated with wiper malware attacking Ukraine.

Amidst its conflict with Russian, Ukraine has also had to contend with hundreds of its computers falling victim to a strain of data wiper malware. As the name suggests, wiper malware is used to wipe hard drives clean of any data. While this sounds like ransomware, and indeed wiper malware often promises the return of data for a fee, the chances of retrieving this data from the hackers is zero. It’s a powerful and destructive cyber-attack, one which has the potential to cause significant damage not just to security, but also IT infrastructures.

It’s an attack method which could strike anywhere at any time, you don’t have to be in Ukraine. Therefore, it’s crucial that we understand how wiper malware works. And, more importantly, how to protect your data.

The Cyber-Attack on Ukraine

The wiper malware in this opportunistic attack, which comes at a time of intense internal chaos, has been identified as HermeticWiper. It followed on from an earlier attack which had targeted Ukraine’s banks through a number of co-ordinated DDoS attacks. It came several hours before Russia launched its invasion campaign but, as yet, nobody has been identified as being behind the attack. What is known is that it’s a new strain of malware which, according to its date stamp, was created towards the end of 2021. Clearly, this attack had been in the works for some time.

Once downloaded onto a PC, HermeticWiper sets about wiping all the data from its hard drive. It achieves this objective by taking advantage of existing disc and storage management software. With this software compromised, HermeticWiper turns it against the PC to corrupt any data within its grasp and then reboots the PC. But it doesn’t stop there. HermeticWiper is also keen to attack any data recover software on the machine and also interferes with the hard drive’s rebooting system.

How Do You Stop Wiper Malware?

The government of Ukraine has a significant reach and has appealed to its native hackers to assist in protecting the country’s IT infrastructures. Unfortunately, almost all organizations will struggle to raise this level of support. But there’s still plenty you can do:

Backup Carefully: it’s unlikely that you will be able to retrieve the original copies of your data, but if you backup correctly you shouldn’t have any problems. Malware, of course, can spread through networks like wildfire, so it’s important that you keep copies of your backups on isolated networks. And, don’t forget, multiple backups on different storage mediums is key to retaining your data.

Be Email Aware: email is one of the most common methods for distributing malware and it’s surprisingly easy to fall victim to these attacks. All it takes is a momentary lapse in concentration, such as not checking a link correctly, for malware to take hold of your PC. Therefore, always hover your mouse cursor over links to identify their true destination and, to be completely sure, ask an IT professional to verify the link before doing anything.

Act Quickly If Infected: as soon as a wiper-malware is attacked, it’s critical that you begin segmenting your networking to minimize the malware’s spread. While this will not protect all your data, it will allow you to save large chunks of your data. Accordingly, it’s important you ensure your networks are constantly monitored for unusual activity to help you launch a contingency effort such as this.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Category Archives: Wiper Malware