[MART] - Daily Diary #412 - Malware Types - Wiper

CTAS-MAT ctas-mat at appgate.com
Wed Dec 15 18:31:42 UTC 2021


I hope everyone is doing well!

Below is the entry for today.

12/15/2021 - Diary entry #412:

Today we will continue our thread on Malware Types, started on Daily Diary #328, talking about Wipers.

Wiper is not a popular category of malware. Its purpose is to wipe (erase data from) the hard drive of the computer it infects, sometimes causing it to become unbootable. It can be used by other malware types to cover their traces or to extort victims after stealing and wiping the original data after encrypting them, like in ransomware operations.

In 2012, a wiper worm attributed to Iran, named Shamoon, attacked the network of Saudi Arabia-based Saudi Aramco, the world's largest crude exporter, permanently destroying the hard drives of more than 30,000 workstations. In 2016, Shamoon reappeared attacking multiple organizations in Saudi Arabia, including several government agencies.

A recent example is Meteor, a wiping malware used in attacks against Iran's railway system on July 2021. Iran's transport ministry and national train system suffered a cyberattack, causing the agency's websites to shut down and disrupting train service.

To be protected against this type of malware is recommended to always back up data and periodically test recovering them. It's important to notice that, such as Ransomware, Wipers attacks can be deployed after data was stolen and other systems are compromised, therefore adopting a ZeroTrust architecture is important to minimize the damage from this kind of attack.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>
O: +55 11 97467 9549

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20211215/2a239f22/attachment.htm>

More information about the MART mailing list