Ukraine’s national news agency Ukrinform was targeted using five different data-wiping malware strains, according to the Ukrainian Computer Emergency Response Team (CERT-UA). CERT-UA stated that the malware was “aimed at violating the integrity and availability of information (writing files/disks with zero bytes/arbitrary data and their subsequent deletion).” The five strains included CaddyWiper (Windows), ZeroWipe (Windows), SDelete (Windows), AwfulShred (Linux), and BidSwipe (FreeBSD). CERT-UA determined that the Russian-backed Sandworm threat group was responsible for the attack and that the group gained access to the Ukrinform servers on December 7th, 2022. Sandworm was also believed to be responsible for another attack that targeted a Ukrainian energy provider in April.
Wiper malware can be a very destructive tool for threat actors targeting a specific group or business. Although these attacks are difficult to defend against, there are ways to make organizations less susceptible to them. Some of these methods include:
• Making sure malware protection and AV are up to date
• Regularly creating secure offline backups
• Training employees on how to spot phishing attempts and other forms of attacks
• Installing updates and patches for operating systems, software, and firmware as soon as practical after they are released