Devious new malware poses as ransomware to wipe Russian court data

CryWiper has no intention of releasing encrypted data


Public organizations in Russia, including mayoral offices and courts, are being targeted by a brand new and quite devious malware variant.

CryWiper poses as ransomware, trying to extort a little money out of the victims (0.5 bitcoin, or roughly $9,000 at press time), but its goal is not to get paid - it’s to destroy all the files found on the infected endpoint.

Cybersecurity researchers from Kaspersky are reporting “pinpoint” cyberattacks in Russia, in which infected files get a new extension - .cry (hence the name CryWiper). While local media said the attackers were targeting mayor’s offices and courts in the country, it’s not known exactly how many entities they managed to compromise.

Russians targeting Russians?

What we do know is that the malware shares common traits with two other malware strains - Trojan-Ransom.Win32.Xorist and Trojan-Ransom.MSIL.Agent. All of these have the same email address listed in the ransom note. Xorist was first seen in 2010, and is described as a Windows ransomware family targeting Russian-speaking and English-speaking users.

CryWiper was written in C++ which, according to Ars Technica, is an unusual choice and points to the possibility of the threat actors using a non-Windows device to write the code.


The same publication also states that the malware is relatively similar to IsaacWiper, a wiper malware that was recently targeting Ukraine-based businesses. Apparently, both wipers use the same algorithm to generate the pseudo-random numbers that overwrite the data in the files, thereby corrupting them permanently.

The attackers are allegedly using the Mersenne Vortex PRNG algorithm, which is another uncommon trait.
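The two paragraphs above describe the mechanism that makes CryWiper a wiper rather than ransomware: file contents are overwritten with PRNG output, so there is no key that could ever decrypt them. From a responder's side this has a practical consequence: a file full of PRNG bytes is statistically indistinguishable from a properly encrypted one, so entropy can tell you that a .cry file is unrecoverable without a key, but never whether such a key exists. The following triage script is an added example written for this article, not code from Kaspersky, Ars Technica, or the malware itself. It uses Python's `random` module (a Mersenne Twister generator, the family the article's "Mersenne Vortex" refers to) only to build a constructed in-memory sample of what an overwritten file looks like; the `.cry` extension comes from the article, while the entropy threshold and the sample file names are assumptions chosen for illustration.

```python
import math
import random
from collections import Counter

# Extension the article reports CryWiper appending to the files it overwrites.
WIPED_EXTENSION = ".cry"

# Assumption: bits per byte above which content looks like ciphertext/PRNG output.
# Random bytes score close to 8.0; text and most documents score well below 7.0.
# Compressed archives and media can also score high, so this is a triage hint,
# not proof.
ENTROPY_THRESHOLD = 7.0

# Constructed samples for the example (not data from any real incident).
TEXT_SAMPLE = b"Hearing scheduled for Monday. Case file attached.\n" * 80
_rng = random.Random(20221201)  # seeded Mersenne Twister, deterministic output
WIPED_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(4096))

SAMPLE_FILES = [
    ("readme.txt", TEXT_SAMPLE),           # untouched document
    ("minutes.docx.cry", WIPED_SAMPLE),    # overwritten with PRNG bytes, renamed
    ("notes.txt.cry", TEXT_SAMPLE),        # renamed only, content still intact
    ("empty.cry", b""),                    # edge case: zero-length file
]


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of the byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify(name: str, data: bytes) -> str:
    """Label one file for triage.

    "suspect-wiped"       -> has the wiper's extension and content is high-entropy,
                             i.e. unrecoverable without a key (and CryWiper has none)
    "renamed-low-entropy" -> has the extension but the content is still structured;
                             worth a closer look, it may simply be restorable by renaming
    "normal"              -> no wiper extension
    """
    if not name.lower().endswith(WIPED_EXTENSION):
        return "normal"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "suspect-wiped"
    return "renamed-low-entropy"


def triage(files):
    """Group (name, content) pairs by classification and return the report as a dict."""
    report = {"normal": [], "suspect-wiped": [], "renamed-low-entropy": []}
    for name, data in files:
        report[classify(name, data)].append(name)
    return report


if __name__ == "__main__":
    for name, data in SAMPLE_FILES:
        print(f"{name:20} entropy={shannon_entropy(data):.2f} -> {classify(name, data)}")
    print(triage(SAMPLE_FILES))
```

The point the output makes is the one in the article: the overwritten sample scores near 8 bits per byte exactly as a file encrypted with a real key would, so nothing in the file tells a victim that paying is pointless. Only offline, tested backups recover data from a wiper, which is why the classification here feeds an incident scope ("which files are gone") rather than a recovery decision.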


Wipers are among the most dangerous malware variants out there, as their sole purpose is to “wipe” all of the data on the target endpoint, permanently. To defend against such attacks, users are advised to be careful when downloading email attachments and to make sure their software and hardware are always up to date. Having state-of-the-art cybersecurity solutions is also advised.

Via: Ars Technica

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
