Malware Advisory - Shamoon Malware

Shamoon, the rarely seen but destructive malware used to wipe Saudi Aramco's servers in 2012, may be back in play, according to Chronicle, Alphabet's cybersecurity arm. Shamoon, also known as Disttrack, is an information-stealing malware that also carries a destructive module. Its “Wiper” module renders infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files on disk with random data. Once overwritten, that data cannot be recovered from the disk itself; recovery depends on offline backups and rebuilding the affected systems.

Shamoon variants are known to have been used in the wild on only three occasions, of which the 2012 Saudi Aramco incident is the most famous. Researchers report that the latest version has received a major upgrade: it now includes a ransomware module and supports both 32-bit and 64-bit Windows architectures. First spotted in 2012, Shamoon is one of the most notorious malware families, even though it is one of the rarest.

Because of the highly destructive Wiper module, an organization infected with the malware can expect operational impact, including loss of intellectual property (IP) and disruption of critical systems. The actual impact varies with the type and number of systems affected.
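The overwrite described above leaves recognisable traces in the first sector of a disk: the 0x55AA boot signature is gone, the four partition entries no longer parse, and the boot-code region has the entropy of random fill rather than of machine code. The following check is an added example written for this advisory, not code from the advisory, from Chronicle, or from the malware itself. It parses a 512-byte MBR and reports those traces, so it can be pointed at a raw device, a forensic image, or the two sample sectors constructed inline (one intact, one "wiped" with deterministic pseudo-random bytes). All function names, the 7.0 bits/byte entropy threshold, and the sample layouts are my own assumptions.

```python
"""MBR wiper-trace check: added example for this advisory, not the advisory's own code."""
import hashlib
import math
import struct
from dataclasses import dataclass
from typing import List

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445 hold the boot loader stub
PARTITION_TABLE_OFFSET = 446    # four 16-byte partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"    # last two bytes of a valid MBR
ENTROPY_THRESHOLD = 7.0         # assumed cut-off: random fill sits near 8 bits/byte, real boot code far lower


@dataclass
class PartitionEntry:
    boot_flag: int      # 0x80 = active, 0x00 = inactive; anything else is corrupt
    type_code: int      # 0x00 = unused entry
    lba_start: int
    sector_count: int


def read_mbr(path: str) -> bytes:
    """Read the first sector of a block device or raw image (needs raw-read rights on a live device)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Decode the four classic MBR partition entries (little-endian LBA fields)."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        raw = mbr[off:off + 16]
        lba_start, sector_count = struct.unpack("<II", raw[8:16])
        entries.append(PartitionEntry(raw[0], raw[4], lba_start, sector_count))
    return entries


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the ceiling for uniformly random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def mbr_findings(mbr: bytes) -> List[str]:
    """List the reasons a sector looks overwritten; an empty list means it parses cleanly."""
    if len(mbr) != MBR_SIZE:
        return [f"expected {MBR_SIZE} bytes, got {len(mbr)}"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    for i, e in enumerate(parse_partition_table(mbr)):
        if e.boot_flag not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid boot flag 0x{e.boot_flag:02x}")
        if e.type_code != 0x00 and (e.lba_start == 0 or e.sector_count == 0):
            findings.append(f"partition {i}: type 0x{e.type_code:02x} with empty LBA range")
    ent = shannon_entropy(mbr[:BOOT_CODE_SIZE])
    if ent > ENTROPY_THRESHOLD:
        findings.append(f"boot code entropy {ent:.2f} bits/byte looks like random fill")
    return findings


def is_likely_wiped(mbr: bytes) -> bool:
    return bool(mbr_findings(mbr))


def constructed_intact_mbr() -> bytes:
    """Constructed sample: a minimal boot stub, one NTFS partition at LBA 2048, valid signature."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_SIZE, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def constructed_wiped_mbr() -> bytes:
    """Constructed sample: a sector after a random-data overwrite (SHA-256 chain so the demo is deterministic)."""
    out, block = b"", b"constructed wiped sector"
    while len(out) < MBR_SIZE:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:MBR_SIZE]


if __name__ == "__main__":
    import sys
    for label, sector in (("intact sample", constructed_intact_mbr()), ("wiped sample", constructed_wiped_mbr())):
        print(label, "->", mbr_findings(sector) or "clean")
    if len(sys.argv) > 1:   # e.g. a .dd image, /dev/sda, or \\.\PhysicalDrive0 with administrator rights
        print(sys.argv[1], "->", mbr_findings(read_mbr(sys.argv[1])) or "clean")
```

The check is deliberately structural rather than signature-based: a wiper that fills the sector with a JPEG or any other high-entropy payload trips the same findings as one that writes random bytes. Run it against a known-good baseline image first, since a GPT disk still carries a protective MBR that parses cleanly, whereas an unusual bootloader with dense code can push the entropy figure upward.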

Severity: High
Release Date:  12th December 2018
Target OS: Windows 98, Windows 95, Windows XP, Windows Server 2008, Windows 7, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Distribution Method: Trojan installation and credential theft; once inside a network, the malware copies itself to other hosts using stolen credentials.
Discovered By: Chronicle, Alphabet's cybersecurity arm
