Researchers have identified a new strain of damaging wiper malware impacting computers in Ukraine, making it at least the third strain of wiper malware to have infiltrated Ukrainian networks since the Russian invasion began.
The CaddyWiper malware was discovered by researchers at Slovakia-based cybersecurity firm ESET, who released details in a Monday tweet thread.
According to the researchers, the malware erases user data and partition information from all drives connected to a compromised machine. Sample code released on Twitter shows that it corrupts files on the machine by overwriting them with null bytes, rendering them unrecoverable.
“We know that if the wiper works, it will practically leave the machine worthless,” ESET’s chief of security research, Jean-Ian Boutin, told BlueHillco. “However, at this point, it is unknown what the total consequence of this attack will be.”
So far, the number of cases in the wild appears to be minimal, and ESET’s research has identified one organization that has been targeted by CaddyWiper, according to Boutin.
Previously, ESET researchers discovered two other strains of wiper malware targeting PCs in Ukraine. The first strain, HermeticWiper, was found on February 23rd, one day before Russia launched its armed invasion of Ukraine. On February 24th, another wiper known as IsaacWiper was deployed in Ukraine.
However, according to ESET’s timeline, both IsaacWiper and HermeticWiper had been under development for months before their release.
Wiper programs, like ransomware, can access and modify files on a compromised system. Ransomware encrypts data on a drive until a ransom is paid to the attackers, whereas wipers permanently destroy disk data and provide no method to restore it. This means that the malware’s sole goal is to cause harm to the victim rather than to generate a financial return for the attacker.
While pro-Russian hackers have employed malware to damage data on Ukrainian computer systems, Ukrainian hackers have used the opposite strategy, exposing data from Russian businesses and government institutions as an offensive tactic.
Overall, large-scale cyberwarfare has yet to materialize in the Russia-Ukraine conflict, but larger attacks may be on the way. The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has issued an advisory to companies warning that they may be affected by the same type of damaging malware used in Ukraine.