Cyberattacks leveraging the novel CryWiper data wiper malware that poses as ransomware were reported by Kaspersky and Russian news service Izvestia to have been targeted at Russian mayors' offices and courts, according to Ars Technica.
CryWiper, which has similarities with the IsaacWiper malware targeted at Ukraine-based organizations and the Trojan-Ransom.Win32.Xorist and Trojan-Ransom.MSIL.Agent, destroys, rather than encrypts, data in impacted systems even if it masqueraded as ransomware, a report from Kaspersky found.
Izvestia reported that part of CryWiper's scheme included a note seeking a 0.5 bitcoin demand, as well as detailing a wallet address where victims could place their payments.
However, Kaspersky researchers noted that the program code of CryWiper indicated that the malware was originally meant for data wiping. Ongoing geopolitical tensions are expected to further increase wiper malware prevalence, added researchers.
"In many cases, wiper and ransomware incidents are caused by insufficient network security, and it is the strengthening of protection that should be paid attention to," they added.