If you think ransomware is the most destructive kind of cyberattack, think again. Ransomware is devastating, but in many cases the victim can at least get the encrypted files back, either by paying or by using a decryptor.
That is not the case with a class of malware known as a wiper, whose sole purpose is not to make money but to destroy data and render systems unusable.
So, how did this deadly malware originate? What are its different strains, and are there ways to protect against it? Let’s find out below.
What Is the Wiper Malware?
The wiper is not your typical malware. Like a hurricane, this malware wipes away everything that comes in its path. The sole purpose of this malware is to cause defacement and destruction for the victims.
While it can end up causing substantial financial losses for the affected parties, its primary goal is not to steal money or sell information to cybercriminals but rather the destruction itself.
But why does this malware gravitate towards destruction? Although attackers can have many reasons for their actions, they often seem to be either trying to send a political message or simply attempting to cover up their tracks after the data exfiltration occurs.
The Origins of Wiper Malware
The first wiper incidents were recorded in the Middle East in 2012 and in South Korea in 2013. The malware did not draw wide attention until 2014, when several high-profile companies were paralyzed by it.
That same year, the first wiper attack against a US target hit Sony Pictures Entertainment. Together with other malware campaigns aimed at the country, it prompted the FBI to issue an emergency flash alert to companies.
How Does the Wiper Attack?
Threat actors use several techniques to carry out a wiper attack. The three most common targets are the files or data themselves, the system and data backups, and the boot sequence of the operating system (the master boot record or the boot partition).
Of the three, destroying files is the slowest, since fully overwriting every sector of a large disk takes hours. To save time, most wipers do not overwrite whole drives. Instead they overwrite the structures the file system depends on (such as the MBR, the partition table or the master file table), or write small blocks of junk data at fixed intervals across the disk, which is enough to make the files unrecoverable.
In most cases, the wiper first disables or deletes the system's recovery tools, for example by deleting volume shadow copies and backup catalogs or turning off Windows recovery mode, so that the victim has no way to restore the data.
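As an added example (not part of the original article), the following Python script shows how the recovery-tampering step described above can be detected in process-creation telemetry. The log lines, their key=value layout and the rule names are constructed for this example; in a real deployment you would feed it Sysmon Event ID 1 or Windows Security Event ID 4688 records and tune the patterns to your environment.

```python
import re
from collections import defaultdict

# Constructed process-creation log lines (not real telemetry). The format is an
# assumption for this example; adapt parse_line() to your own log source.
SAMPLE_LOGS = [
    '2022-01-13T22:14:01Z host=WS01 user=CORP\\jdoe parent=explorer.exe cmd="notepad.exe C:\\Users\\jdoe\\notes.txt"',
    '2022-01-13T22:14:07Z host=WS01 user=CORP\\jdoe parent=cmd.exe cmd="vssadmin.exe delete shadows /all /quiet"',
    '2022-01-13T22:14:08Z host=WS01 user=CORP\\jdoe parent=cmd.exe cmd="wbadmin.exe delete catalog -quiet"',
    '2022-01-13T22:14:09Z host=WS01 user=CORP\\jdoe parent=cmd.exe cmd="bcdedit.exe /set {default} recoveryenabled no"',
    '2022-01-13T22:14:09Z host=WS01 user=CORP\\jdoe parent=cmd.exe cmd="bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"',
    '2022-01-13T22:20:41Z host=SRV02 user=CORP\\backupsvc parent=services.exe cmd="wbadmin.exe start backup -backupTarget:E: -quiet"',
    '2022-01-13T22:31:15Z host=SRV02 user=CORP\\admin parent=powershell.exe cmd="vssadmin.exe list shadows"',
]

# Command lines that remove or disable Windows recovery options. The rule names are
# chosen for this example; the commands themselves are the standard built-in tools.
RECOVERY_TAMPER_RULES = {
    "shadow_copies_deleted": re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I),
    "shadow_storage_shrunk": re.compile(r"\bvssadmin(?:\.exe)?\s+resize\s+shadowstorage\b", re.I),
    "wmic_shadow_copies_deleted": re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I),
    "backup_catalog_deleted": re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+(?:catalog|systemstatebackup)\b", re.I),
    "recovery_mode_disabled": re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "boot_failures_ignored": re.compile(r"\bbcdedit(?:\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I),
}

LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+parent=(?P<parent>\S+)\s+cmd="(?P<cmd>[^"]*)"$'
)


def parse_line(line: str):
    """Split one constructed log line into its fields; return None for lines that do not fit."""
    match = LINE_RE.match(line)
    return match.groupdict() if match else None


def detect_recovery_tampering(lines):
    """Return one finding per log line whose command line matches a recovery-tampering rule."""
    findings = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        for rule, pattern in RECOVERY_TAMPER_RULES.items():
            if pattern.search(event["cmd"]):
                findings.append({"ts": event["ts"], "host": event["host"], "user": event["user"],
                                 "parent": event["parent"], "rule": rule, "cmd": event["cmd"]})
    return findings


def score_hosts(findings, threshold: int = 2):
    """Rate each host: one deletion may be maintenance, several distinct rules firing is the wiper pattern."""
    rules_by_host = defaultdict(set)
    for finding in findings:
        rules_by_host[finding["host"]].add(finding["rule"])
    return {host: ("high" if len(rules) >= threshold else "low") for host, rules in rules_by_host.items()}


if __name__ == "__main__":
    hits = detect_recovery_tampering(SAMPLE_LOGS)
    for hit in hits:
        print(f'{hit["ts"]} {hit["host"]} {hit["rule"]}: {hit["cmd"]}')
    print(score_hosts(hits))
```

Note that the legitimate `wbadmin start backup` and `vssadmin list shadows` lines on SRV02 produce no findings, while WS01 trips four distinct rules within a few seconds and is rated high. In production you would also bound the scoring by a time window and correlate the parent process, since a wiper typically launches these commands from a shell or scheduled task rather than from a backup agent.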
Top Examples of Wiper Variants
Wiper malware has severely impacted several high-profile organizations and governments in the past decade. Here are some real-world examples of the wiper variants that caused serious repercussions around the globe.
Shamoon
Shamoon, one of the best-known wiper variants, hit Saudi Aramco and other Middle Eastern oil and gas companies in 2012 and again in 2016. The malware spread across the corporate network and wiped more than 30,000 workstations using RawDisk, a legitimate commercial driver from EldoS that gives user-mode programs direct access to the disk.
Shamoon is self-propagating: it spreads from one machine to the next over shared network drives and stolen credentials, then uses the RawDisk driver to overwrite the disk contents, including the master boot record (MBR), so that the machines can neither boot nor recover the destroyed data.
Meteor
Meteor is a reusable wiper: it reads its settings from an external configuration file, so the same code can be pointed at a new target. Its capabilities include changing user passwords, disabling recovery mode, and running arbitrary commands, among others.
It first surfaced in July 2021, when it severely disrupted Iran's train services.
NotPetya
NotPetya is considered the most damaging wiper to date. It appeared in June 2017, spread through a trojanized update of the Ukrainian accounting software M.E.Doc and then laterally with the EternalBlue exploit and stolen credentials, and caused an estimated $10 billion in damage to multinational companies.
It is also one of the most interesting strains because it presents itself as ransomware when it is not. The name comes from Petya, a 2016 ransomware family whose victims did receive a decryption key after paying. NotPetya shows a similar ransom note and encrypts the master file table, but the "installation key" it displays is random data that the attackers could not map back to a decryption key, so payment never restored anything. The extortion screen was a cover for destruction.
ZeroCleare
ZeroCleare is another destructive variant built to wipe data from targeted systems. It emerged in 2019 in attacks on energy and industrial companies in the Middle East; thousands of systems were infected, and the compromised networks were left exposed to follow-on attacks.
Like Shamoon, ZeroCleare uses the EldoS RawDisk driver to overwrite disk partitions and the MBR on Windows machines.
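To make the MBR overwrite used by Shamoon and ZeroCleare concrete, here is an added Python example (not code from the original article or from any of the wipers described) that parses a 512-byte master boot record and classifies it as healthy, zeroed, overwritten with a text message, or otherwise unbootable. The sample sectors are constructed inside the script; the thresholds for "mostly zero" and "mostly printable text" are assumptions chosen for the demonstration.

```python
import struct
import sys

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"          # bytes 510-511 of a valid MBR
# Partition table entry: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PARTITION_ENTRY = struct.Struct("<B3sB3sII")


def inspect_mbr(sector: bytes) -> dict:
    """Classify one 512-byte MBR. Thresholds (0.9 zero, 0.6 printable) are assumptions for this example."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    boot_code = sector[:440]
    signature_ok = sector[510:512] == BOOT_SIGNATURE

    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        status, _, ptype, _, lba_start, sectors = PARTITION_ENTRY.unpack(entry)
        if ptype != 0 and sectors > 0 and status in (0x00, 0x80):
            partitions.append({"type": ptype, "bootable": status == 0x80,
                               "lba_start": lba_start, "sectors": sectors})

    zero_ratio = boot_code.count(0) / len(boot_code)
    printable = sum(1 for b in boot_code if 32 <= b < 127 or b in (9, 10, 13))
    text_ratio = printable / len(boot_code)

    if signature_ok and partitions and zero_ratio < 0.9 and text_ratio < 0.6:
        verdict = "healthy"
    elif zero_ratio >= 0.9 and not partitions:
        verdict = "zeroed"                 # sector 0 filled with zeros, as a RawDisk-style wipe leaves it
    elif text_ratio >= 0.6:
        verdict = "overwritten_with_text"  # boot code replaced by a message, as fake ransomware does
    else:
        verdict = "unbootable"             # signature or partition table damaged
    return {"verdict": verdict, "signature_ok": signature_ok, "partitions": partitions,
            "zero_ratio": round(zero_ratio, 2), "text_ratio": round(text_ratio, 2)}


def build_healthy_mbr() -> bytes:
    """Constructed sample: short boot stub, disk signature, one active NTFS partition (type 0x07), valid signature."""
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (440 - 7)
    disk_signature = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    ntfs = PARTITION_ENTRY.pack(0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    table = ntfs + b"\x00" * 16 * 3
    return boot_code + disk_signature + table + BOOT_SIGNATURE


def zeroed_mbr() -> bytes:
    """Constructed sample: what remains after a wiper zeroes sector 0."""
    return b"\x00" * SECTOR_SIZE


def note_mbr() -> bytes:
    """Constructed sample: boot area replaced by a ransom-style message, partition table destroyed, signature kept."""
    note = b"Ooops, your important files are encrypted.\r\nSend $300 in Bitcoin to restore them.\r\n"
    return note.ljust(440, b" ") + b"\x00" * 70 + BOOT_SIGNATURE


def strip_signature(mbr: bytes) -> bytes:
    """Constructed sample: partition table intact but the 0x55AA signature clobbered."""
    return mbr[:510] + b"\x00\x00"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python mbr_check.py /path/to/disk.img  (reads the first sector of an image or block device)
        with open(sys.argv[1], "rb") as fh:
            print(inspect_mbr(fh.read(SECTOR_SIZE)))
    else:
        for name, sample in [("healthy", build_healthy_mbr()), ("zeroed", zeroed_mbr()),
                             ("note", note_mbr()), ("no_signature", strip_signature(build_healthy_mbr()))]:
            print(name, inspect_mbr(sample)["verdict"])
```

The check is deliberately simple: a genuine MBR has a non-trivial code stub, a 0x55AA signature and at least one partition entry with a non-zero type. Wipers that zero the sector, or replace the code with a ransom message as NotPetya and WhisperGate do, fail one or more of those tests. Running this against a forensic image of an affected machine tells you quickly whether the partition table survived, which decides whether the data behind it is still worth carving.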
WhisperGate
WhisperGate is the newest strain covered here. It was used in targeted attacks on Ukrainian government organizations in January 2022 and was identified by the Microsoft Threat Intelligence Center. The attacks coincided with the defacement of around seventy Ukrainian government websites.
WhisperGate resembles NotPetya in that it displays a ransom note, but it offers no recovery path at all: a first stage overwrites the MBR with the note so the machine cannot boot, and a second stage overwrites files of targeted extensions with fixed data and renames them. Because it is so recent, its full impact is still being assessed.
Tips to Protect Against the Wiper Malware
Do you want to avoid becoming the next victim of the wiper malware? Here are a few tips to help you stay protected from such attacks.
Update Malware Protection
Malware threats are ever-evolving and changing by the day. Therefore, your malware and security protection must always be up-to-date.
To ensure this, configure your anti-malware software to pull signature and engine updates automatically, at least daily on workstations and more frequently on servers, where the exposure is higher. Firewalls, intrusion detection sensors and other network protections should likewise receive their threat intelligence feeds automatically and as often as the vendor supports, and the update status should be monitored so that a silently failing update does not leave a gap.
Educate Users on Cyberattacks
Informed users are one of the best defenses against cyberattacks. Employees are often the initial point of entry, so train your staff to recognize phishing, suspicious links and URL anomalies, unexpected attachments, and other common attack vectors.
You can also consider building a human firewall, that is, a security program that treats staff as part of the defense by training them in security best practices and giving them an easy way to report suspicious activity.
Perform Regular Backups
A strong disaster recovery plan minimizes both data loss and downtime. Because wipers deliberately target backups and recovery tools, at least one copy of your backups must be offline or immutable, meaning it cannot be modified or deleted from the production network even with administrator credentials. Verify backups by content, not just by existence or size, and test restores regularly. With robust backups, data de-duplication and virtual desktop infrastructure in place, you can recover even after a major wiper attack or any other malware incident.
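The following added Python example (not from the original article) ties the backup advice to the sparse-overwrite behaviour described under "How Does the Wiper Attack?": it builds a SHA-256 manifest of a backup set, then simulates a wiper that overwrites a few bytes every 4 KiB of one file and deletes another, and shows that a content-hash check catches both while a size-only check misses the corrupted file. The directory, file names and contents are constructed in a temporary folder; nothing else on the system is touched.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large backup images do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record size and content hash for every file under the backup root."""
    return {
        p.relative_to(root).as_posix(): {"size": p.stat().st_size, "sha256": sha256_file(p)}
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the current backup set against a trusted manifest.

    The manifest must itself live somewhere the wiper cannot reach (offline or
    immutable storage); otherwise it can be rewritten along with the data.
    """
    current = build_manifest(root)
    report = {"ok": [], "missing": [], "modified": [], "size_mismatch": []}
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            report["missing"].append(rel)
            continue
        if actual["size"] != expected["size"]:
            report["size_mismatch"].append(rel)      # what a size-only check would notice
        if actual["sha256"] != expected["sha256"]:
            report["modified"].append(rel)           # what a content check notices
        else:
            report["ok"].append(rel)
    return report


def simulate_sparse_overwrite(path: Path, interval: int = 4096, length: int = 16) -> None:
    """Mimic the wiper technique on a file we own: small blocks of zeros at fixed intervals.

    The file keeps its name and size, so only a content check sees the damage.
    """
    size = path.stat().st_size
    with path.open("r+b") as fh:
        for offset in range(0, size, interval):
            fh.seek(offset)
            fh.write(b"\x00" * min(length, size - offset))


def demo() -> dict:
    """Constructed scenario: two backup files, one sparsely overwritten, one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(bytes(range(256)) * 128)   # 32 KiB of known content
        (root / "config.ini").write_bytes(b"[backup]\nretention_days=30\n")
        manifest = build_manifest(root)            # taken while the backup is known good
        simulate_sparse_overwrite(root / "db" / "customers.sql")
        (root / "config.ini").unlink()
        return verify_backup(root, manifest)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category:14s} {files}")
```

In the demo the corrupted database dump appears under `modified` but not under `size_mismatch`: a wiper that writes 16 bytes every 4 KiB leaves the size untouched, so a backup job that only confirms files exist and have the expected length would report the set as intact. Hashing the whole backup on a schedule, with the manifest held offline, is what turns "we have backups" into "we have backups we can restore from".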
Patch Operating System and Software
Contrary to popular belief, most operating system (OS) updates are security fixes rather than new features. These patches close vulnerabilities that were discovered after the OS or software was released.
Therefore, apply patches as soon as they become available. It is bad to fall victim to a malware attack, but it is worse to be hit through a vulnerability that was patched months earlier and that you never installed. NotPetya is the standard example: the EternalBlue exploit it used to spread had been fixed by Microsoft in MS17-010 three months before the outbreak.
Stay Prepared to Mitigate Malware
There is nothing worse than a malware infection, and wipers are the worst case: victims face data and financial losses as well as lasting damage to their reputation.
Malware is everywhere, but no strain is impossible to mitigate if you prepare and follow the tips above. So the next time you encounter malware, do not be caught unprepared; be ready to deal with it quickly.