New CryWiper wiper targets Russian entities masquerading as a ransomware
Researchers from Kaspersky have discovered a previously unknown data wiper, dubbed CryWiper, that was employed in destructive attacks against Russian mayor’s offices and courts.
The the wiper contacts the command and control server using an HTTP GET request and passes the name of the infected system as a parameter. The malware appends the .CRY extension to the files it has corrupted and drops ransom notes (‘README.txt’) demanding for 0.5 Bitcoin for the decrypted. The malware masquerades as ransomware, but the analysis of the code demonstrates that it does not actually encrypt, but only destroys data in the infected system.
Source read time: 2 min - securityaffairs.co
Also offered in: Nederlands