Wiper Malware And ItÔÇÖs Evolution as Ransomware

Wiper Malware has been associated with the attacks in 2012 where Shamoon, a wiper malware sample was used to attack a Reputed Saudi oil firm. The infection rendered workstations unusable and affected thousands of workstations at the company. It did steal data and overwrote the Master Boot Record on each hard drive.
Wiper malware was deployed against victims in South Korea back in 2009 and 2010. In 2012, a Wiper package called Shamoon was used at Saudi Oil Firm that struck multiple organizations in Saudi Arabia resulting in wiping the organizations' entire hard drives.
The latest attack by Shamoon was on November 17, 2016, Thursday in Saudi Arabia. This was on their weekend. This attack is similar to that happened in 2012 where the malware was released in a weekend and it spread all over the organization before being discovered.
The most expensive Wiper Malware attack was against a well-reputed American Film Entertainment Company on Nov. 24, 2014. A hacker group called "Guardians of Peace" have compromised the entire network and have stolen a huge amount of data. These data includes unreleased movies, employee and sensitive business information. The company related Twitter accounts were also part of the

Evolution as a Ransomware

Recently a group called TeleBots reconstructed the wiper malware into ransomware. They launched malware attacks against the Ukrainian financial sector using a malicious program KillDisk. The latest version of KillDisk has evolved as a ransomware. Instead of wiping data, the malware encrypts it and demands a large ransom to release the data.
More recent attack by Killdisk was against a financial sector in Ukraine planned on December 6, 2016.
This KillDisk attack continued throughout the month and aimed at the sea transportation sector as well in Ukraine.
Reports state that Linux was also in their Target list and KillDisk Ransomware demanded $250,000 Ransom. However, the files weren't decrypted.

Mitigation Steps to Minimize Risks from Wiper Malware

Organizations must take proactive security measures to minimize the risks from Wiper Malware
  • High Sensitive data should be backed up off-site and organizations must take necessary actions on the emergency response & recovery plan.
  • Backup regularly. We should always be well planned on a strong disaster recovery strategy. BCP ensures continual operation, though the system is affected. This reduces the impact of an attack. Implementing such disaster recovery strategy helps in minimal Recovery time and data loss.
  • Updating the Systems against the latest malware threats helps in more stringent protection. The update should happen at regular time intervals
  • OS updates and software updates are often recommended to make the network/system more secure. This provides protection against vulnerabilities that were identified since the previous update.
  • Users should be aware of the Phishing Attempts, Spam Identification, and Safe web browsing practices. Since users are the Front line of defense, they should be well educated to prevent such malware & ransomware attacks. An Educated user will be the best defense against such attacks.
  • Always Monitor for any changes which will significantly enhance the Malware detection efforts.
Rate this article: 
Average: 2.4 (7 votes)
Article category: