IsaacWiper Malware Destroys Systems of Ukrainian Institutions

The Russian invasion of Ukraine has prompted Russia-backed hacker groups to ramp up their attacks against Ukrainian companies and institutions. The goal of these attacks is immediate destruction, which is why wiper malware appears to be the weapon of choice of cybercriminals. After the HermeticWiper Malware was reported in the early days of the conflict, it appears another piece of malware with the same purpose has surfaced. The implant, dubbed IsaacWiper Malware, has already been employed in multiple attacks against Ukraine-based institutions.

Some of the recovered samples of the IsaacWiper Malware were compiled in October 2021, which likely means that the malware has been used before. Alternatively, it could have been prepared beforehand and only employed now. Regardless of the scenario, it is clear that the IsaacWiper Malware is an exceptionally dangerous threat that could take entire networks offline.

The criminals operating the IsaacWiper Malware are certainly not amateurs, and they have managed to spread laterally across affected networks via a single point of intrusion. The swift and devastating attack does not just result in damaged files, but can also render all systems inaccessible since their operating systems and accompanying software would be wiped as well.

In addition to damaging just about any file on infected systems, the IsaacWiper Malware can also manipulate the Master Boot Record (MBR) of drives. This would prevent systems from booting at all.

March 2, 2022