Russian cybersecurity company Kaspersky has discovered a new malware strain called CryWiper. Reportedly, it can erase the data on an infected device without leaving any residue.
In its latest report, Kaspersky reveals that CryWiper is a wiper: files modified by it can never be restored to their previous state.
So, if you find your device infected with CryWiper and see a note asking for a ransom and files carrying the CRY extension, don’t rush into paying the ransom, as it will be a waste.
Experts also confirmed that the malware modifies data, adds the CRY extension to the affected files, and saves a README.txt file with a note demanding a ransom.
Kaspersky said in its report: “In the past, we have seen several types of malware become wipers accidentally, through the fault of their creators, who poorly implemented an encryption algorithm. The attacker’s main goal is not financial gain, but data destruction. Files are not really encrypted; instead, the Trojan overwrites them with randomly generated data.”
Kaspersky says that the Trojan corrupts any data that is not critical to the operating system’s functionality; it does not focus only on databases, archives and user documents.
So far, Kaspersky experts have only seen attacks targeting Russia. However, no one can guarantee that the same attack will not be carried out in other countries.
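A triage script for the indicators described above, added here as an example and not taken from Kaspersky's report: it lists directories holding files with the CRY extension, records whether a README.txt sits beside them, and samples the byte entropy of the marked files. The function names, the 64 KiB sample size and the same-directory check for the note are assumptions.

```python
import math
import os
from collections import Counter

NOTE_NAME = "readme.txt"   # ransom note file name given in the article
WIPED_EXT = ".cry"         # marker the article says is added to files
SAMPLE_BYTES = 65536       # assumption: the first 64 KiB is a sufficient sample


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage(root: str) -> list:
    """Return one record per directory under root that holds CRY-marked files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        marked = sorted(f for f in files if f.lower().endswith(WIPED_EXT))
        if not marked:
            continue  # a README.txt on its own is too common to flag
        entropies = []
        for name in marked:
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    entropies.append(shannon_entropy(fh.read(SAMPLE_BYTES)))
            except OSError:
                continue  # unreadable file: still listed, no entropy sample
        findings.append({
            "directory": dirpath,
            "marked_files": marked,
            "note_present": any(f.lower() == NOTE_NAME for f in files),
            "mean_entropy": round(sum(entropies) / len(entropies), 2) if entropies else None,
        })
    return findings


if __name__ == "__main__":
    import sys
    for record in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(record)
```

Entropy close to 8 bits per byte is what both encrypted and randomly overwritten data look like, so the figure helps scope the damage but cannot show whether a file is recoverable.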
To protect devices from wiper malware, Kaspersky experts recommend the following steps:
– Always carefully control remote access connections to your infrastructure: prohibit connections from public networks, allow RDP access only through VPN tunneling, and use strong unique passwords with two-factor authentication.
– Update critical software promptly, paying special attention to operating systems, security solutions, VPN clients and remote access tools.
– Increase the security awareness of your employees, for example, using special online tools.
– Implement advanced security solutions to protect work devices and corporate network perimeters.