In computer security, a wiper is a class of malware intended to erase (wipe, hence the name) the hard drive or other static memory of the computer it infects, maliciously deleting data and programs.
Examples
A piece of malware referred to as "Wiper" was allegedly used in attacks against Iranian oil companies. In 2012, the International Telecommunication Union supplied Kaspersky Lab with hard drives allegedly damaged by Wiper for analysis. While a sample of the alleged malware could not be found, Kaspersky discovered traces of a separate piece of malware known as Flame.
The Shamoon malware contained a disk wiping mechanism; it was employed in 2012 and 2016 malware attacks targeting Saudi energy companies, and utilized a commercial direct drive access driver known as RawDisk. The original variant overwrote files with portions of an image of a burning U.S. flag. The 2016 variant was nearly identical, except using an image of the body of Alan Kurdi instead.
A wiping component was used as part of the malware employed by the Lazarus Group, a cybercrime group with alleged ties to North Korea, during the 2013 South Korea cyberattack and the 2014 Sony Pictures hack. The Sony hack also utilized RawDisk.
In 2017, computers in several countries, most prominently Ukraine, were infected by NotPetya, a variant of the Petya ransomware that was functionally a wiper. The malware infects the master boot record with a payload that encrypts the internal file table of the NTFS file system. Although it still demanded a ransom, it was found that the code had been significantly modified so that the payload could not actually revert its changes, even if the ransom were successfully paid.
Several variants of wiper malware were discovered during the 2022 Ukraine cyberattacks on computer systems associated with Ukraine. Named CaddyWiper, HermeticWiper, IsaacWiper, and FoxBlade by researchers, the programs showed little relation to each other, prompting speculation that they were created by different state-sponsored actors in Russia especially for this occasion.
Solution
Reactive redundancy is a possible solution for data destruction protection. Researchers are able to create systems capable of analyzing write buffers before they reach a storage medium, determine if the write is destructive, and preserve the data under destruction.
Moreover, regular backups (as long as they are stored on an external device) provide the ability to restore lost data.
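The write-buffer check described under reactive redundancy can be sketched as a small simulation. This is an added example, not code from the research the article refers to; the names `GuardedDisk` and `is_destructive`, the 512-byte block size and the entropy thresholds are assumptions chosen for illustration.

```python
import math
from collections import Counter

BLOCK = 512  # assumed block size for this sketch


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def is_destructive(old: bytes, new: bytes) -> bool:
    """Assumed heuristic: live data is being replaced by a constant
    fill or by near-random bytes (random overwrite or encryption)."""
    if not any(old) or old == new:
        return False  # block was empty or unchanged: nothing to lose
    constant_fill = len(set(new)) <= 1
    randomised = entropy(new) > 7.0 and entropy(old) < 6.0
    return constant_fill or randomised


class GuardedDisk:
    """In-memory block device that inspects each write before it lands
    and keeps a shadow copy of blocks about to be destroyed."""

    def __init__(self, blocks: int):
        self.data = [bytes(BLOCK) for _ in range(blocks)]
        self.shadow = {}  # block number -> first preserved original

    def write(self, lba: int, buf: bytes) -> bool:
        old = self.data[lba]
        flagged = is_destructive(old, buf)
        if flagged:
            # Preserve only the earliest original, not later wipe passes.
            self.shadow.setdefault(lba, old)
        self.data[lba] = buf
        return flagged

    def restore(self) -> int:
        """Put preserved originals back; return how many blocks."""
        for lba, old in self.shadow.items():
            self.data[lba] = old
        restored = len(self.shadow)
        self.shadow.clear()
        return restored
```

An ordinary edit to a text block passes through unflagged, while a zero fill or a high-entropy overwrite of the same block is flagged and remains recoverable through `restore()`.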