New CaddyWiper Data Wiping Malware Hits Ukrainian Networks (bleepingcomputer.com)
Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. BleepingComputer reports: "This new malware erases user data and partition information from attached drives," ESET Research Labs explained. "ESET telemetry shows that it was seen on a few dozen systems in a limited number of organizations." While designed to wipe data across Windows domains it's deployed on, CaddyWiper will use the DsRoleGetPrimaryDomainInformation() function to check if a device is a domain controller. If so, the data on the domain controller will not be deleted. This is likely a tactic used by the attackers to maintain access inside the compromised networks of organizations they hit while still heavily disturbing operations by wiping other critical devices.
While analyzing the PE header of a malware sample discovered on the network of an undisclosed Ukrainian organization, it was also discovered that the malware was deployed in attacks the same day it was compiled. "CaddyWiper does not share any significant code similarity with HermeticWiper, IsaacWiper, or any other malware known to us. The sample we analyzed was not digitally signed," ESET added. "Similarly to HermeticWiper deployments, we observed CaddyWiper being deployed via GPO, indicating the attackers had prior control of the target's network beforehand."
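Two facts in the summary matter for responders: the wiper checks the host's domain role and spares domain controllers, and it was pushed through Group Policy by attackers who already controlled the domain. The script below is an added defender-side triage example, not code from the article or from ESET; it reads the same role information that DsRoleGetPrimaryDomainInformation() exposes (via Win32_ComputerSystem.DomainRole) and then lists GPOs modified in a recent window, flagging those that carry scheduled tasks or scripts. It assumes the RSAT GroupPolicy module is installed and the caller can read GPOs.

```powershell
# Added example (not from the article or ESET): DC-role check plus recent-GPO triage.
# Assumes RSAT GroupPolicy module and read access to the domain's GPOs.
param([int]$Days = 7)

# Win32_ComputerSystem.DomainRole carries the same role information that the
# DsRoleGetPrimaryDomainInformation() API named in the report returns.
$roleNames = @{
    0 = 'Standalone Workstation';   1 = 'Member Workstation'
    2 = 'Standalone Server';        3 = 'Member Server'
    4 = 'Backup Domain Controller'; 5 = 'Primary Domain Controller'
}
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$isDC = [int]$cs.DomainRole -ge 4
Write-Host ("Host {0}: {1} (domain controller: {2})" -f $cs.Name, $roleNames[[int]$cs.DomainRole], $isDC)
if ($isDC) {
    # The report says DCs were left intact, so DC-side artifacts (SYSVOL, GPO
    # history, directory change logs) are a good place to reconstruct the deployment.
    Write-Host "This host is a DC: preserve SYSVOL and Directory Service event logs before remediation."
}

Import-Module GroupPolicy -ErrorAction Stop
$cutoff = (Get-Date).AddDays(-$Days)

# GPOs changed recently are the candidates for having carried the wiper.
$findings = foreach ($gpo in (Get-GPO -All | Where-Object { $_.ModificationTime -ge $cutoff })) {
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $xmlText = $report.OuterXml
    $flags = @()
    # GPP scheduled/immediate tasks and startup/logon scripts are the usual
    # vehicles for pushing an executable to every machine in scope.
    if ($xmlText -match 'ScheduledTasks') { $flags += 'ScheduledTasks' }
    if ($xmlText -match 'ImmediateTask')  { $flags += 'ImmediateTask' }
    if ($xmlText -match 'Scripts')        { $flags += 'Scripts' }
    [pscustomobject]@{
        DisplayName      = $gpo.DisplayName
        Id               = $gpo.Id
        Owner            = $gpo.Owner
        ModificationTime = $gpo.ModificationTime
        Flags            = ($flags -join ',')
    }
}

# Flagged GPOs first, newest first, so the likely deployment policy is at the top.
$findings | Sort-Object @{Expression = { $_.Flags -eq '' }}, @{Expression = 'ModificationTime'; Descending = $true} |
    Format-Table -AutoSize
```

Run it from a domain-joined host with RSAT; a flagged GPO is a lead to inspect in SYSVOL, not proof of compromise on its own.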
One day MS will have Immutable capability (Score:2)
One day data won't be weaponized (Score:2)
Are you volunteering to go over and help them migrate all their data and applications to equivalent applications that will run under OpenBSD? It might be easier if you just teach them overnight how to do a proper 3-2-1 backup of their data.
I would call ahead before you plan to go over to help them do things the right way. I hear they're a little busy right now. /s
Re: (Score:2)
Re: (Score:3)
It was a sarcastic comment about the timing of suggesting that the solution to Ukraine's ransomware/datawipe problem was changing to OpenBSD.
If his comment was meant as a philosophical discussion about the relative merits of the Windows NFTS file system vs the many others that are out there then perhaps you view my reply as "toxic" but I was struck by how little his suggestion would help the current problem. It is akin to suggesting "they should beef up their IT security so it doesn't happen." A great su
Re: (Score:2)
If MS cared about security, their stuff would not be such an incredibly insecure mess today. They do not. They do the minimum they think they can get away with. Since too many customers have painted themselves into a corner by doing an abysmally stupid "MS strategy", that minimum is not very good and still allows easy attacking of MS-based computing. Monopolies are bad for everyone except the monopolist.
Re: (Score:1)
Re: (Score:1)
Fuck off and get covid. That is all.
prob just attacking the biolabs (Score:1)
some data foreign organizations just need to get rid of.
Re: (Score:1)
Conspiracy Theory (Score:2)
(which with the current genocide by Russia of Ukrainian population might even be plausible)
Conspiracy Theory: "Because the International Court is requesting recordings of Russia violations of Human Rights, War Crimes, etc., they have released a wiping virus..."
I've just thought of it (not that I believe every thought I think, you know XD )
"data across Windows domains" (Score:2)