Analysts Fear Spread of Destructive ‘Wiper’ Malware

In concert with its military campaign in Ukraine, Russia is also apparently conducting sophisticated cyber warfare by targeting Ukraine’s government ministries and financial institutions with multiple strains of “wiper” malware. U.S. cybersecurity officials warn that these threats may eventually spill over to public- and private-sector organizations in this country.

Wiper Malware

Although the strains used in Ukraine appear to be new, wiper malware has actually been around since at least 2012. What makes it unusual is that it is specifically intended to be destructive, unlike most attacks designed for fraud or theft. While ransomware encrypts data, wiper malware is designed to wipe the hard drives of computers it infects.

These new variants, known as WhisperGate and HermeticWiper, masquerade as ransomware. Upon execution, they display ransom notes demanding Bitcoin payment for the release of encrypted files. That’s just a ruse, however.


Search and Destroy

The malware overwrites the master boot record (MBR), a key part of a PC’s startup system that contains information about the computer’s disk partitions and helps load the operating system. It won’t matter if you pay the ransom or not because the targeted data is destroyed and cannot be recovered.

Researchers have yet to firmly link the attacks to any known threat actor, but all signs point to Russia. It would not be the first time Russian hackers targeted Ukraine with wiper malware.

The NotPetya attack in 2017 initially targeted Ukraine before spreading to more than 60 countries worldwide, including the U.S. It was initially regarded as a large-scale ransomware attack, but it was eventually revealed that the malware was hiding a wiper. The ransom element simply disguised the true nature of the attack.


Large-Scale Damage

Ultimately, the NotPetya attack only generated about $10,000 in ransom, hardly a financial windfall. However, it affected more than 2,000 companies and resulted in more than $10 billion in damages, which is why it is generally considered the most devastating cyberattack ever. FedEx was among the hardest-hit U.S. companies, reporting losses of $400 million due to shipment disruptions and costs to restore systems.

Wiper malware is designed to wipe the hard drives of computers it infects.

Western governments were quick to accuse Russia of the attack. A White House spokesperson alleged that the NotPetya attack “was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict.” Russia was threatened with “international consequences” for launching “a reckless and indiscriminate cyberattack.”


Identification and Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn that the current wiper variants could spread to U.S. organizations from their overseas partners and subsidiaries. To improve awareness of the threat, the agencies have issued a joint alert describing indicators of compromise (IOCs) and preventive measures organizations should take.

In addition, we recommend that organizations immediately take the following actions:

  • Conduct regular scans with antivirus and antimalware programs.
  • Patch all known vulnerabilities and test the patches.
  • Enable strong spam filters to block phishing emails from reaching users.
  • Filter network traffic.
  • Keep software up-to-date.
  • Require multifactor authentication.
  • Test backup and restore functions.
  • Ensure you have a recent offline backup.
  • Conduct security awareness training for employees.
  • Segment networks to isolate critical applications and data and prevent lateral movement of threats.

GDS offers a comprehensive suite of security solutions and services to protect your organization against emerging threats. Contact our team today for a confidential consultation.



Benefits of Managed IT Services from Global Data Systems

      • Strategic Managed IT: We help you solve your technology related business problems.
      • Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
      • Support: When you need help simply call our 24x7x365 support number.
      • Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.

Contact Managed Services Provider, Global Data Systems >