News by Xiaomi Miui Hellas
Press release

CaddyWiper: New strain of data-wiping malware detected deleting files from PC


A new strain of data-wiping malware, which can delete files from both the computer and the storage drives connected to it, has been found in Ukraine.


ESET first detected this Windows-based malware on Monday and named it "CaddyWiper". The company remarked that the code is only 9KB in size and that it was found on "a few dozen systems in a limited number of organizations" in Ukraine.

The creators of the malware are still unknown, but ESET said that CaddyWiper was installed on the systems after the hackers had already breached their victim's network. The malware abused the victim's "Group Policy Object". The "Group Policy Object" was created by Microsoft to help administrators manage computers on a corporate network.

The Ukrainian authorities believe that the latest CaddyWiper executable is targeting the country's financial institutions.

Cisco's security unit, Talos, also examined the program and found that it first corrupts the files in "C:\Users" and then continues to target other drive letters until it reaches drive "Z". They said: "This means that this wiper will try to delete data from any unit on the network that is connected to the system."

This software deletes data and prevents its recovery by overwriting each file and storage partition with zeros. If the software detects that the computer is a "domain controller", it will not delete the data. A "domain controller" is a server that responds to "authentication requests" made on the network.

ESET stated: "This is probably one way for attackers to maintain access to the organization while still blocking other functions."

According to ESET, CaddyWiper bears no resemblance, in terms of code, to the other three similar malware strains that attacked Windows PCs in Ukraine in recent weeks. The first of these was WhisperGate, which was detected by Microsoft in January. In February and March, security companies found HermeticWiper and IsaacWiper, which had spread to Ukrainian companies when Russia invaded the country.

The incidents led the US to warn that the same attacks could well be carried out on US companies. The competent US authorities suggest that the country's agencies upgrade their security. Such upgrades may include more virus checks, up-to-date software and the use of "multi-factor authentication" on all connection systems.
