New CryWiper wiper masquerades as ransomware, targets Russian entities

The wiper contacts the command and control server using an HTTP GET request and passes the name of the infected system as a parameter. The malware appends the .CRY extension to the files it has corrupted and drops ransom notes (‘README.txt’) demanding 0.5 Bitcoin for decryption. The malware masquerades as ransomware, but analysis of the code shows that it does not actually encrypt anything; it only destroys data on the infected system.
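
A defender can hunt for the check-in described above by flagging outbound GET requests in which a query parameter carries the requesting machine's own hostname. The sketch below is an added example, not code from the analysis this article summarizes; the log format, asset inventory, domains and parameter names are constructed, and because the article does not give the C2 URL or parameter name, the check matches any parameter.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed proxy log lines: "<timestamp> <client_ip> <method> <url>"
SAMPLE_LOG = """\
2024-01-15T10:01:07Z 10.0.4.21 GET http://c2.example.invalid/check?name=FIN-WS-021
2024-01-15T10:01:09Z 10.0.4.22 GET http://intranet.example.invalid/search?q=quarterly+report
2024-01-15T10:02:30Z 10.0.4.23 POST http://updates.example.invalid/report?host=HR-LT-007
2024-01-15T10:03:12Z 10.0.4.23 GET http://cdn.example.invalid/a.js?v=HR-LT-007x
2024-01-15T10:04:55Z 10.0.4.23 GET http://c2.example.invalid/check?id=hr-lt-007.corp.example.invalid
"""

# Constructed asset inventory (client IP -> hostname), e.g. exported from DHCP.
ASSETS = {"10.0.4.21": "FIN-WS-021", "10.0.4.22": "FIN-WS-022", "10.0.4.23": "HR-LT-007"}


def normalize(name):
    """Lower-case a host name and reduce an FQDN to its short label."""
    return name.strip().lower().split(".")[0]


def find_hostname_beacons(log_text, assets):
    """Return GET requests whose query string contains the sender's own hostname."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole hunt
        ts, client, method, url = parts
        host = assets.get(client)
        if method != "GET" or host is None:
            continue
        target = urlsplit(url)
        # parse_qsl URL-decodes values, so encoded hostnames are compared correctly.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if normalize(value) == normalize(host):
                hits.append((ts, client, target.hostname, key, value))
    return hits


if __name__ == "__main__":
    for hit in find_hostname_beacons(SAMPLE_LOG, ASSETS):
        print(hit)
```

Legitimate inventory and update agents also report hostnames, so hits are leads to correlate with other signs on the same host, such as newly created .CRY files and README.txt notes.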

