The Another

    In Ukraine, ‘wiper’ malware is used as a weapon of war



    The cybersecurity industry generally refers to them as “wipers.” They are malicious pieces of software whose purpose is to destroy data or computer systems. The beginning of the Russian offensive on Ukrainian soil was marked by an explosion in their use. Since the attack on Viasat satellite network receiving equipment, cybersecurity researchers have identified a dozen computer attacks using wipers against Ukrainian targets. However, wipers were in existence before the start of the war in Ukraine. We could cite the attack against the Saudi Aramco company in 2012, as well as the NotPetya malware that spread to many companies around the world in 2017.

    Wipers use techniques and tools similar to those used by ransomware groups or so-called “APT” groups, i.e. operators of advanced, persistent attacks. Only their goal is different: they don’t block access to data before demanding a ransom in exchange for a decryption key, but simply delete, or wipe, it (as the name implies).


    The NotPetya precedent

    The destruction of data follows no logic of financial gain. “Today, we know that it’s generally states that are behind this type of attack. The objective is either political – to send a message – or for military purposes, as was the case with the Viasat attack,” explained Paul Rascagnères, a malware analyst with the American company Volexity. Among the attacks identified and known to the public, the culprit singled out is very often Russia. It’s the Russian government that’s accused of being behind the NotPetya attack in 2017, as well as of being behind the attack against Viasat. Finally, it’s Russia that’s found to be maneuvering in Ukraine. This type of attack is not, however, exclusive to the Kremlin. Researchers from the Slovakian cybersecurity company ESET have, for example, identified their use against Israeli companies, pointing to the activities of a group “affiliated with Iran.” “At the end of the day, quite a few countries are using this software. This doesn’t mean that others are not equipped with it,” underlined Paul Rascagnères.


    The proximity between ransomware and wipers has often been exploited by their creators. For example, the NotPetya cyberattack in 2017 had all the appearances of ransomware. This was, however, only a facade. In reality, there was no mechanism to regain access to affected data. Meanwhile, NotPetya was equipped with an automatic propagation system. While the first targeted companies were based in Ukraine, the malware quickly spread via the internet and caused significant damage to many companies around the world. In France, the Saint-Gobain manufacturing company estimated the total cost of its infection to be more than €200 million in turnover.
