Report: Wipers – Hackmageddon’s ultimate weapon

In the present analysis, some of the most widespread Wiper malware was considered.

Important elements of the analysis:

  • Analysis of the most peculiar characteristics of the wipers examined
  • Analysis of the extracted strings
  • Analysis of the masquerading peculiarities of certain samples
  • Analysis of the differences between the samples examined
  • Analysis of some credential discovery functions performed
  • Analysis of loop instructions and files gathering
  • Disassembling of the samples under examination, highlighting some register operations
  • Analysis of packing and entropy conditions
  • Analysis of WhisperGate, which has ransomware masquerading characteristics

Recently, a new threat is posing a serious risk to the cybersecurity of companies and administrations around the world: these are “Wiper” malware, which are designed to erase data on infected computer systems, causing irreparable damage to business operations and public institutions.

The first case of wiper infection was observed in 2012 and affected Iran’s Ministry of Petroleum. One of the most widespread attacks, however, was in June 2017 with the infamous wave of NotPetya infections. The damage was later estimated at more than $10 billion. Several organizations and critical infrastructures in Ukraine were affected by this wave of NotPetya, including radiation monitoring systems at the nuclear power plant in Chernobyl.

Notably, on Feb. 24, 2022, the wiper called AcidRain was used in a cyber attack against Viasat’s satellite Internet service, affecting several countries, including Italy.

SwiftSlicer, discovered by Fortinet researchers on Jan. 25, 2023, was used to conduct a cyber attack on Ukrainian infrastructure. This virus does not target ransom or monetization, but only data destruction and sabotage of computer systems.

The day before the invasion of Ukraine by Russian forces on February 24, 2022, a new wiper unleashed against a number of Ukrainian entities, known as “HermeticWiper,” was discovered based on a digital certificate stolen from a company called Hermetica Digital Ltd.

Read more:

Press release: Tinexta Cyber makes an exponential leap in cybersecurity with Google Cloud’s Chronicle
LockBit MacOS Malware Analysis 

Cyber Incident Swascan Emergency

Contact us for immediate support

The undersigned, as data subject, DECLARES that I have read and understood the content of the privacy policy pursuant to Article 13, GDPR. AGREE to the processing of data in relation to the sending by the Data Controller of commercial and / or promotional communications relating to (i) own products / services, or (ii) products / services offered by third parties.
The consent given may be revoked at any time by contacting the Data Controller at the addresses provided in the aforementioned privacy policy.