New malware masquerades as ransomware to delete Russian court data

Public institutions in Russia, including mayors' offices and courts, are being targeted by a completely new and rather insidious malware variant.
CryWiper pretends to be ransomware: it demands money from its victims (0.5 bitcoin, or about $9,000 at time of writing), but its goal is not to get paid. Its goal is to destroy all files found on the infected endpoint.
Cybersecurity researchers from Kaspersky are reporting on “precise” cyberattacks in Russia in which infected files have a new extension – .cry (hence the name CryWiper). Although local media have reported that attackers are targeting mayors' offices and courts in the country, it is not known exactly how many entities they have infiltrated.
Russians targeting Russians?
What we do know is that this malware shares characteristics with two other malware strains – Trojan-Ransom.Win32.Xorist and Trojan-Ransom.MSIL.Agent. These all have the same email address listed in the ransom note. Xorist first appeared in 2010 and was described as a line of Windows ransomware targeting Russian and English-speaking users.
CryWiper is written in C++, which, according to Ars Technica, is an unusual choice and indicates the possibility that the threat actors used a non-Windows device to write the code.
The same publication also says that the malware is relatively similar to IsaacWiper, a recent wiper malware that targeted businesses based in Ukraine. Apparently, both wipers use the same algorithm to generate the pseudo-random numbers that overwrite the data in the files, thereby corrupting them permanently.
The alleged attackers use the Mersenne Vortex PRNG algorithm, which is another uncommon trait.
Wipers are among the deadliest malware variants available, as their sole purpose is to “permanently wipe” all data on the target endpoint. To combat such attacks, users should be careful when downloading email attachments and make sure their software and hardware are always up to date. A state-of-the-art network security solution is also advised.
Via: Ars Technica