Cybersecurity researchers from Eset discovered data-destroying malware on a number of computer systems in Ukraine.
This is the third variant of this type of malware to attack Ukrainian computer systems since the Russian invasion. The malware was named CaddyWiper by the security researcher who discovered it at Eset, a Slovak cybersecurity company.
According to the research team, the malware can delete user data and partition information from any hard drive connected to an infected computer. It works by overwriting the data on the computer with blank characters, so that the data cannot be repaired.
"We know if a wiper (malware) works, it will effectively render the system useless. However, so far, it is not clear what the impact of this attack will be," said Jean-Ian Boutin, head of threat research at Eset, as quoted by The Verge, Tuesday (15/3/2022).
So far, according to Eset, the number of cases of CaddyWiper malware is relatively small, and they only studied one organization in Ukraine that was the target of CaddyWiper.
Previously, Eset also found two other variants of wiper malware that targeted computers in Ukraine. The first variant, named HermeticWiper, was discovered on February 23, the day before Russia began its invasion of Ukraine.
The second wiper, named IsaacWiper, first appeared on February 24, the first day of the Russian invasion of Ukraine.
Even so, according to Eset, both IsaacWiper and HermeticWiper were in development months before their release. However, they only became active before the Russian invasion of Ukraine.
Wiper malware has a lot in common with ransomware in terms of its ability to access and modify files on the attacked system. The difference is that ransomware encrypts data and unlocks it only when the ransom is paid, whereas a wiper destroys the data without any possibility of repair.
This means that the main purpose of these two types of malware is different: ransomware aims to make a profit, while a wiper aims purely to damage the system.
Based on this main goal, it is assumed that the wiper malware was spread by pro-Russian hackers in order to destroy data on Ukrainian computer systems. Hackers who support Ukraine have taken a different approach, namely stealing data from the Russian government and companies and leaking it to the public.