Wiper (malware)






From Wikipedia, the free encyclopedia
 


In computer security, a wiper is a class of malware intended to erase (wipe, hence the name) the hard drive or other static memory of the computer it infects, maliciously deleting data and programs.

Examples

A piece of malware referred to as "Wiper" was allegedly used in attacks against Iranian oil companies. In 2012, the International Telecommunication Union supplied Kaspersky Lab with hard drives allegedly damaged by Wiper for analysis. While a sample of the alleged malware could not be found, Kaspersky discovered traces of a separate piece of malware known as Flame.[1][2][3]

The Shamoon malware contained a disk wiping mechanism; it was employed in 2012 and 2016 malware attacks targeting Saudi energy companies, and utilized a commercial direct drive access driver known as RawDisk. The original variant overwrote files with portions of an image of a burning U.S. flag. The 2016 variant was nearly identical, except using an image of the body of Alan Kurdi instead.[4][5]

A wiping component was used as part of the malware employed by the Lazarus Group, a cybercrime group with alleged ties to North Korea, during the 2013 South Korea cyberattack and the 2014 Sony Pictures hack.[6][7][8] The Sony hack also utilized RawDisk.[4]

In 2017, computers in several countries, most prominently Ukraine, were infected by NotPetya, a variant of the Petya ransomware that was functionally a wiper. The malware infects the master boot record with a payload that encrypts the internal file table of the NTFS file system. Although it still demanded a ransom, it was found that the code had been significantly modified so that the payload could not actually revert its changes, even if the ransom were successfully paid.[9][10]

Several variants of wiper malware were discovered during the 2022 Ukraine cyberattacks on computer systems associated with Ukraine. Named CaddyWiper, HermeticWiper, IsaacWiper, and FoxBlade by researchers, the programs showed little relation to each other, prompting speculation that they were created by different state-sponsored actors in Russia especially for this occasion.[11]

Solution

Reactive redundancy is a possible solution for data destruction protection. Researchers are able to create systems capable of analyzing write buffers before they reach a storage medium, determine if the write is destructive, and preserve the data under destruction.[12]
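The idea of inspecting a write buffer before it reaches storage and preserving the data it would destroy can be sketched as follows. This is an added example, not code from the article or from the cited R2D2 paper; the `GuardedStore` class, the 512-byte block size, and the entropy-based `is_destructive` heuristic are all assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 512  # assumed block size for this toy store

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for an empty buffer)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def is_destructive(old: bytes, new: bytes) -> bool:
    """Assumed heuristic: structured data replaced by fill bytes or by noise."""
    if not old.strip(b"\x00"):   # block was empty, nothing to lose
        return False
    if len(set(new)) <= 1:       # zero-fill, single-byte pattern, or truncation
        return True
    return entropy(new) > 7.0 and entropy(old) < 6.0

class GuardedStore:
    """Toy block device that inspects each write buffer before committing it."""
    def __init__(self):
        self.blocks = {}     # block number -> current contents
        self.preserved = {}  # block number -> earliest contents judged at risk

    def write(self, lba: int, data: bytes) -> bool:
        old = self.blocks.get(lba, b"")
        flagged = is_destructive(old, data)
        if flagged:
            self.preserved.setdefault(lba, old)  # keep the first good copy only
        self.blocks[lba] = data
        return flagged

    def restore(self, lba: int) -> bytes:
        self.blocks[lba] = self.preserved.pop(lba)
        return self.blocks[lba]

# Constructed sample data: a text record and deterministic pseudo-random noise.
DOC = (b"invoice 2023-11; customer=example; total=120.50\n" * 11)[:BLOCK]
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))

def demo():
    store = GuardedStore()
    edited = DOC.replace(b"120.50", b"125.00")  # an ordinary in-place edit
    results = [store.write(0, buf) for buf in (DOC, edited, NOISE, b"\x00" * BLOCK)]
    return results, store.restore(0)
```

The ordinary edit passes unflagged, while the noise overwrite and the later zero-fill are both flagged, and `restore` returns the last contents written before the first flagged write.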

References

  1. ^ "Destructive Malware - Five Wipers in the Spotlight". Securelist. Retrieved 2017-07-03.
  2. ^ Zetter, Kim. "Wiper Malware That Hit Iran Left Possible Clues of Its Origins". Wired.com. Retrieved 2017-07-03.
  3. ^ Erdbrink, Thomas (23 April 2012). "Facing Cyberattack, Iranian Officials Disconnect Some Oil Terminals From Internet". The New York Times. Archived from the original on 31 May 2012. Retrieved 29 May 2012.
  4. ^ a b "Shamoon wiper malware returns with a vengeance". Ars Technica. Retrieved 2017-07-03.
  5. ^ Perlroth, Nicole (2012-08-24). "Among Digital Crumbs from Saudi Aramco Cyberattack, Image of Burning U.S. Flag". Bits. The New York Times. Retrieved 2017-07-03.
  6. ^ "Inside the "wiper" malware that brought Sony Pictures to its knees [Update]". Ars Technica. Retrieved 2017-07-03.
  7. ^ Pagliery, Jose (December 24, 2014). "What caused Sony hack: What we know now". CNNMoney. Retrieved January 4, 2015.
  8. ^ Zetter, Kim. "The Sony Hackers Were Causing Mayhem Years Before They Hit the Company". Wired. Retrieved 2017-07-03.
  9. ^ "Tuesday's massive ransomware outbreak was, in fact, something much worse". Ars Technica. 28 June 2017. Retrieved 2017-06-28.
  10. ^ "Cyber-attack was about data and not money, say experts". BBC News. 29 June 2017. Retrieved 29 June 2017.
  11. ^ "Sicherheitsforscher finden neue Zerstörungs-Malware auf ukrainischen Computersystemen". standard.at. Retrieved 2022-03-15.
  12. ^ Gutierrez, Christopher N.; Spafford, Eugene H.; Bagchi, Saurabh; Yurek, Thomas (2018-05-01). "Reactive redundancy for data destruction protection (R2D2)". Computers & Security. 74: 184–201. doi:10.1016/j.cose.2017.12.012. ISSN 0167-4048.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Wiper_(malware)&oldid=1188165556"




    This page was last edited on 3 December 2023, at 19:04 (UTC).

    Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.


