Wiper (malware)

In

hard drive

or other static memory of the computer it infects, maliciously deleting data and programs.

Examples

A piece of malware referred to as "Wiper" was allegedly used in attacks against Iranian oil companies. In 2012, the International Telecommunication Union supplied Kaspersky Lab with hard drives allegedly damaged by Wiper for analysis. While a sample of the alleged malware could not be found, Kaspersky discovered traces of a separate piece of malware known as Flame.^[1]^[2]^[3]

The

Alan Kurdi instead.^[4]^[5]

A wiping component was used as part of the malware employed by the

Sony Pictures hack.^[6]^[7]^[8] The Sony hack also utilized RawDisk.^[4]

In 2017, computers in several countries—most prominently

NotPetya, which is a variant of the Petya ransomware that was a wiper in functional sense. The malware infects the master boot record with a payload that encrypts the internal file table of the NTFS file system. Although it still demanded a ransom, it was found that the code had been significantly modified so that the payload could not actually revert its changes, even if the ransom were successfully paid.^[9]^[10]

Several variants of wiper malware were discovered during the 2022 Ukraine cyberattacks on computer systems associated with Ukraine. Named CaddyWiper, HermeticWiper, IsaacWiper, and FoxBlade by researchers, the programs showed little relation to each other, prompting speculation that they were created by different state-sponsored actors in Russia especially for this occasion.^[11]

Solution

Reactive redundancy is a possible solution for data destruction protection. Researchers are able to create systems capable of analyzing write buffers before they reach a storage medium, determine if the write is destructive, and preserve the data under destruction.^[12]

References

^ "Destructive Malware - Five Wipers in the Spotlight". Securelist. Retrieved 2017-07-03.
^ Zetter, Kim. "Wiper Malware That Hit Iran Left Possible Clues of Its Origins". Wired.com. Retrieved 2017-07-03.
^ Erdbrink, Thomas (23 April 2012). "Facing Cyberattack, Iranian Officials Disconnect Some Oil Terminals From Internet". The New York Times. Archived from the original on 31 May 2012. Retrieved 29 May 2012.
^ ^a ^b "Shamoon wiper malware returns with a vengeance". Ars Technica. Retrieved 2017-07-03.
^ Perlroth, Nicole (2012-08-24). "Among Digital Crumbs from Saudi Aramco Cyberattack, Image of Burning U.S. Flag". Bits. The New York Times. Retrieved 2017-07-03.
^ "Inside the "wiper" malware that brought Sony Pictures to its knees [Update]". Ars Technica. Retrieved 2017-07-03.
CNNMoney
. Retrieved January 4, 2015.

^ Zetter, Kim. "The Sony Hackers Were Causing Mayhem Years Before They Hit the Company". Wired. Retrieved 2017-07-03.

^ "Tuesday's massive ransomware outbreak was, in fact, something much worse". Ars Technica. 28 June 2017. Retrieved 2017-06-28.

^ "Cyber-attack was about data and not money, say experts". BBC News. 29 June 2017. Retrieved 29 June 2017.

^ "Sicherheitsforscher finden neue Zerstörungs-Malware auf ukrainischen Computersystemen". standard.at. Retrieved 2022-03-15.

ISSN 0167-4048
.

v
t
e
Information security
Related security categories

Computer security

Automotive security

Cybercrime
Cybersex trafficking

Computer fraud

Cybergeddon

Cyberterrorism

Cyberwarfare

Electromagnetic warfare

Information warfare

Internet security

Mobile security

Network security

Copy protection

Digital rights management

vectorial version
Threats

Adware

Advanced persistent threat

Arbitrary code execution

Backdoors

Hardware backdoors

Code injection

Crimeware

Cross-site scripting

Cross-site leaks

DOM clobbering

History sniffing

Cryptojacking

Botnets

Data breach

Drive-by download

Browser Helper Objects

Viruses

Data scraping

Denial-of-service attack

Eavesdropping

Email fraud

Email spoofing

Exploits

Hacktivism

Insecure direct object reference

Keystroke loggers

Logic bombs

Time bombs

Fork bombs

Zip bombs

Fraudulent dialers

Malware

Payload

Phishing
Voice

Polymorphic engine

Privilege escalation

Ransomware

Rootkits

Scareware

Shellcode

Spamming

Social engineering

Spyware

Software bugs

Trojan horses

Hardware Trojans

Remote access trojans

Vulnerability

Web shells

Wiper

Worms

SQL injection

Rogue security software

Zombie

Defenses

Application security
Secure coding

Secure by default

Secure by design
Misuse case

Computer access control
Authentication
Multi-factor authentication

Authorization

Computer security software
Antivirus software

Security-focused operating system

Data-centric security

Obfuscation (software)

Data masking

Encryption

Firewall

Intrusion detection system
Host-based intrusion detection system (HIDS)

Anomaly detection

Security information and event management (SIEM)

Mobile secure gateway

Runtime application self-protection

Site isolation

Retrieved from "https://en.wikipedia.org/w/index.php?title=Wiper_(malware)&oldid=1188165556"

[1] "Destructive Malware - Five Wipers in the Spotlight". Securelist. Retrieved 2017-07-03.

[2] Zetter, Kim. "Wiper Malware That Hit Iran Left Possible Clues of Its Origins". Wired.com. Retrieved 2017-07-03.

[3] Erdbrink, Thomas (23 April 2012). "Facing Cyberattack, Iranian Officials Disconnect Some Oil Terminals From Internet". The New York Times. Archived from the original on 31 May 2012. Retrieved 29 May 2012.

[ars-shamoon-4] "Shamoon wiper malware returns with a vengeance". Ars Technica. Retrieved 2017-07-03.

[5] Perlroth, Nicole (2012-08-24). "Among Digital Crumbs from Saudi Aramco Cyberattack, Image of Burning U.S. Flag". Bits. The New York Times. Retrieved 2017-07-03.

[6] "Inside the "wiper" malware that brought Sony Pictures to its knees [Update]". Ars Technica. Retrieved 2017-07-03.

[7] CNNMoney
. Retrieved January 4, 2015.

[8] Zetter, Kim. "The Sony Hackers Were Causing Mayhem Years Before They Hit the Company". Wired. Retrieved 2017-07-03.

[ars-wiper-9] "Tuesday's massive ransomware outbreak was, in fact, something much worse". Ars Technica. 28 June 2017. Retrieved 2017-06-28.

[BBCPMdc-10] "Cyber-attack was about data and not money, say experts". BBC News. 29 June 2017. Retrieved 29 June 2017.

[11] "Sicherheitsforscher finden neue Zerstörungs-Malware auf ukrainischen Computersystemen". standard.at. Retrieved 2022-03-15.

[12] ISSN 0167-4048
.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]