CryWiper Malware Used to Attack Russian Targets
A brand-new strain of malware, never before seen in the wild, is now being used in attacks on administrative bodies in Russia. The new malware is called CryWiper, and it is targeting the offices of city officials and courts of law located in Russian cities.
The malware poses as a strain of ransomware. CryWiper changes the extensions of affected files as most ransomware variants do, appending the ".cry" string to the names of scrambled files. The malware also drops a ransom note and asks for 0.5 worth of Bitcoin as a ransom payment.
Despite appearances, CryWiper, as the name suggests, is really a destructive file wiper and not a genuine ransomware strain, which would imply the possibility of recovery and decryption.
According to security researchers, files are not encrypted; the data inside them is destroyed and cannot be recovered. A deeper analysis of the malicious tool shows that this is not even a bug or an oversight on the part of the CryWiper developer - this is intended behavior.
The data inside files affected by the malware is replaced with numbers produced by a pseudo-random number generator, making recovery impossible.