Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware


CryWiper is the second retaliatory wiper malware strain aimed at Russia after RURansom, a .NET-based wiper that was found targeting entities in the country earlier this March. A C++-based malware, CryWiper is configured to establish persistence via a scheduled task and communicate with a command-and-control (C2) server to initiate the malicious activity. Besides terminating processes related to database and email servers, the malware is equipped with capabilities to delete shadow copies of files and modify the Windows Registry to prevent RDP connections in a likely attempt to obstruct incident response efforts.
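The behaviours listed above are individually common on servers, so a detection is more useful when it correlates them per host. The following is an added example, not code from the article or from any CryWiper analysis: the command-line patterns, the process and service names, the 10-minute window and the threshold of three are all assumptions, and the log events are constructed.

```python
import re
from datetime import datetime, timedelta

# Behaviour classes from the paragraph above. The command-line patterns are
# assumptions: common ways each behaviour shows up in process-creation logs,
# not indicators taken from CryWiper itself.
BEHAVIOURS = {
    "scheduled_task": re.compile(r"\bschtasks(\.exe)?\b.*/create", re.I),
    "shadow_copy_delete": re.compile(r"\bvssadmin(\.exe)?\b.*delete\s+shadows", re.I),
    "rdp_disabled": re.compile(r"\breg(\.exe)?\b.*add.*fDenyTSConnections.*/d\s+1\b", re.I),
    "db_or_mail_stopped": re.compile(r"\b(taskkill|net\s+stop)\b.*(sql|exchange)", re.I),
}
WINDOW = timedelta(minutes=10)   # assumed correlation window
THRESHOLD = 3                    # distinct behaviours needed to alert

def classify(cmdline):
    """Return the set of behaviour names a single command line matches."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(cmdline)}

def correlate(events):
    """events: iterable of (iso_time, host, cmdline). Returns {host: behaviours}
    for hosts showing >= THRESHOLD distinct behaviours inside one WINDOW."""
    hits = {}
    for ts, host, cmd in events:
        for name in classify(cmd):
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), name))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= WINDOW}
            if len(names) >= THRESHOLD:
                alerts[host] = names
                break
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE = [
    ("2000-01-01T10:00:05", "srv-a", r"schtasks /create /tn upd /tr C:\ProgramData\t.exe /sc minute"),
    ("2000-01-01T10:01:10", "srv-a", "taskkill /f /im sqlservr.exe"),
    ("2000-01-01T10:01:40", "srv-a", "vssadmin delete shadows /all /quiet"),
    ("2000-01-01T10:02:00", "srv-a", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control'
     r'\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f'),
    ("2000-01-01T09:00:00", "wks-b", r"schtasks /create /tn backup /tr C:\b.cmd /sc daily"),
    ("2000-01-01T15:30:00", "wks-b", "net stop MSSQLSERVER"),
]
```

Here `correlate(SAMPLE)` alerts on `srv-a`, which shows all four behaviours within two minutes, and stays quiet on `wks-b`, where a routine scheduled task and a service stop are hours apart.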

