Secrets of the Wiper: Inside the World’s Most Destructive Malware
Shamoon, Black Energy, Destover, ExPetr/NotPetya and Olympic Destroyer: all of these wiper malware families, and others like them, have the single purpose of destroying systems and/or data, usually causing great financial and reputational damage to victim companies. The threat actors behind this kind of code, whether bent on sending a political message or simply wanting to cover their tracks after data exfiltration, have adopted a variety of techniques to carry out that destruction. Cisco Talos researcher Vitor Ventura, with contributions from Martin Lee, noted in a report published on Tuesday that malware with destructive payloads has been around since the early days of virus development.
However, the delivery methods and level of destruction of wiper malware have evolved. Damage can range from the overwriting of specific files to the destruction of the entire file system, and the amount of data affected and the difficulty of the recovery process are a direct consequence of the technique used. In any case, well-crafted code is usually at the root of the bomb.