Wiper malware is in the air: effective, fast and irreversible
December 13, 2022 By Raulf Hernes
(Image Credit Google)
Over the last year, there has been a flood of destructive wiper malware from no fewer than nine families. At least two more have been discovered in the last week, both with advanced codebases intended to cause maximum damage.
On Monday, Check Point Research published details of Azov, a previously unknown piece of malware it describes as an "effective, fast, and unfortunately unrecoverable data wiper." Azov damages a file in 666-byte chunks: it overwrites one chunk, leaves the next chunk of the same size intact, overwrites the one after that, and so on through the whole file. The "random" data it writes is whatever happens to sit in an uninitialized local char buffer on the stack, so the overwritten chunks are filled with garbage rather than the output of a random number generator.
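As an added example (my code, not Check Point's and not part of the original article), the following Python models the alternating 666-byte damage pattern described above on an in-memory sample and then shows two ways a responder can recognise it: an exact chunk-by-chunk comparison against a known-good copy, and a backup-less entropy heuristic. The 666-byte chunk size comes from the text; the function names, the 7.0-bit entropy threshold, the constructed ledger sample and the use of seeded pseudo-random bytes to stand in for the contents of Azov's uninitialized buffer are my assumptions.

```python
import math
import random

CHUNK = 666  # chunk size Check Point reports for Azov


def simulate_intermittent_wipe(original: bytes, chunk: int = CHUNK, seed: int = 1) -> bytes:
    """Return a damaged copy of `original`: every other `chunk`-byte block is replaced,
    the blocks in between are left intact (the pattern described in the article).
    The replacement bytes are seeded pseudo-random garbage, an assumption standing in
    for whatever Azov's uninitialized stack buffer happens to hold. In-memory only."""
    rng = random.Random(seed)
    damaged = bytearray(original)
    for start in range(0, len(damaged), 2 * chunk):  # chunks 0, 2, 4, ... are overwritten
        end = min(start + chunk, len(damaged))
        damaged[start:end] = bytes(rng.getrandbits(8) for _ in range(end - start))
    return bytes(damaged)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def damage_map(reference: bytes, suspect: bytes, chunk: int = CHUNK) -> list:
    """Authoritative check when a known-good copy (e.g. a backup) exists: one flag per
    chunk, True where the suspect file differs from the reference."""
    if len(reference) != len(suspect):
        raise ValueError("intermittent wiping preserves file length; these sizes differ")
    return [reference[i:i + chunk] != suspect[i:i + chunk]
            for i in range(0, len(reference), chunk)]


def entropy_damage_map(suspect: bytes, chunk: int = CHUNK, threshold: float = 7.0) -> list:
    """Backup-less heuristic: flag chunks whose entropy looks like noise. The 7.0-bit
    threshold is an assumption that works for low-entropy content such as text."""
    return [shannon_entropy(suspect[i:i + chunk]) > threshold
            for i in range(0, len(suspect), chunk)]


def is_alternating(flags: list) -> bool:
    """True when damaged and intact chunks strictly alternate, the pattern described for Azov."""
    return len(flags) >= 2 and all(flags[i] != flags[i + 1] for i in range(len(flags) - 1))


def intact_fraction(flags: list) -> float:
    """Share of chunks that survived; with strict alternation this is roughly one half,
    which is still useless for recovery because every second chunk is gone."""
    return flags.count(False) / len(flags) if flags else 0.0


# Constructed sample standing in for a victim document: 100 lines of 59 bytes = 5900 bytes,
# i.e. eight full 666-byte chunks plus a 572-byte tail (nine chunks in total).
SAMPLE = b"".join(b"ledger line %05d: amount 1234.56 EUR, approved by finance\n" % i
                  for i in range(100))

if __name__ == "__main__":
    wiped = simulate_intermittent_wipe(SAMPLE)
    flags = damage_map(SAMPLE, wiped)
    print("damage map   :", "".join("X" if f else "." for f in flags))
    print("alternating  :", is_alternating(flags))
    print("heuristic ok :", entropy_damage_map(wiped) == flags)
    print("intact share :", round(intact_fraction(flags), 3))
```

Run stand-alone, it prints the damage map as a row of X (overwritten) and . (intact) characters. The comparison against a reference copy is the reliable check; the entropy heuristic only works when the victim data is low-entropy and the garbage is not, and because Azov's "random" bytes come from uninitialized memory, a chunk may be filled with zeros or stale data that entropy alone will not flag. The intact fraction also shows why Check Point calls the wiper unrecoverable: roughly half of every file survives, but with every second chunk gone the survivors are of little use without a backup.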
Script kiddies need not apply.
After destroying data on an infected system, Azov displays a note styled like a ransomware notification. The note echoes Kremlin talking points about Russia's war on Ukraine, including the threat of nuclear war. In one of the two samples recovered by Check Point, the note falsely attributes its text to a well-known malware analyst from Poland.
(Image: Wiper malware)
Azov detonates at a predetermined time via a logic bomb built into its code. As of last month, more than 17,000 executables backdoored by Azov had been submitted to VirusTotal.
Fantasy, the other newly documented wiper, was spread in a supply-chain attack that abused the infrastructure of an Israeli firm that develops software for the diamond industry. Fantasy borrows heavily from Apostle, malware that initially masqueraded as ransomware before revealing itself to be a wiper. Apostle has been attributed to Agrius, an Iranian threat actor operating in the Middle East.
The write-ups on Azov, Fantasy, and Sandals arrived days after researchers detailed CryWiper, a previously unseen wiper that hit courts and mayoral offices in Russia. The destructive potential of this class of malware is well established: in 2017, NotPetya, self-replicating malware that Russia unleashed on Ukraine, spread across the globe within hours and caused an estimated $10 billion in damage.
The spate of new wipers underlines the importance of hardening network security, and of working out in advance how your organisation will prevent such an attack and, given that wiped data cannot be recovered from the disk, how it will restore from backups if one gets through.