
Wiped Out: The Crippling Effects of Wiper Malware Attacks

What to know about the wiper malware attacks

You’re probably familiar with several forms of cyberattacks your business faces every day.

Nation-states prefer to steal data, while cybercriminals generally either opt for cryptomining or encrypt your data for a ransomware attack.

Unfortunately, while this has been true for years, recent strikes reveal a new appetite for destruction: wiper malware attacks.

So, why worry about wiper attacks when most attackers don’t use them?

Well, the sheer destructive nature of these attacks is simply too great to ignore.

Wiper malware attacks don’t just steal your data. And, unlike ransomware, they don’t offer you a chance to get it back.

Instead, wiper attacks enter your system, spread where they want to go, and delete everything in their path, completely ‘wiping out’ your data.

It’s an attack that only a solid backup strategy is prepared to deal with.

Weaponized Wiper Malware Attacks

When a wiper attack strikes, all data on your devices can be deleted.

And lately, these attacks have received quite a bit of attention, a result of the conflict in Eastern Europe.

Since the Russian invasion of Ukraine, seven different wiper malwares have been launched.

Among them:

  • AcidRain – A wiper targeting modems and routers to cripple the Viasat satellite internet service.
  • CaddyWiper – A wiper targeting Ukrainian entities; it disables the Volume Shadow Copy Service (VSS), then overwrites the disk and its own file with random bytes, wiping itself from the drive.
  • HermeticWiper – Similar to CaddyWiper, often deployed with a custom worm, HermeticWizard, for network propagation, and with decoy ransomware known as HermeticRansom. This attack was deployed against Ukraine, Lithuania, and Latvia.
  • IsaacWiper – A less sophisticated wiper targeting the Ukrainian government.
  • WhisperGate – A wiper staged to look like ransomware, but meant to wipe the master boot record (MBR) of Ukrainian computers.
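The behaviours listed above (a service stopped, shadow copies removed, a raw write to the physical disk) are the signals a defender can watch for before data is gone. The following is an added example, not code from the original post or from the vendor: a small detector that runs a few rules over process-creation records and escalates a host only when several distinct rules fire close together. The pipe-delimited log format and every log line are constructed assumptions standing in for Sysmon Event ID 1 or Windows 4688 events.

```python
"""Flag wiper-style behaviour in endpoint process-creation logs.

Added example, not from the original post. The log format
("timestamp|host|user|image|command_line") and all sample lines are
constructed assumptions; the rules cover the behaviours the wipers above
are described as having: disabling VSS, deleting shadow copies, and
writing directly to the physical disk.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Each rule is a name plus a case-insensitive pattern applied to the command line.
RULES = {
    "vss_service_disabled": re.compile(
        r"\b(sc(\.exe)?\s+(stop|config)\s+vss|net(\.exe)?\s+stop\s+vss)\b", re.I),
    "shadow_copy_deletion": re.compile(
        r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)\b", re.I),
    "raw_disk_access": re.compile(r"\\\\\.\\PhysicalDrive\d+", re.I),
}

# Constructed sample telemetry (assumed hosts, users and paths; not real data).
SAMPLE_LOGS = r"""
2022-03-14T10:01:00Z|ws-017|ACME\jdoe|C:\Windows\System32\sc.exe|sc.exe stop vss
2022-03-14T10:01:02Z|ws-017|ACME\jdoe|C:\Windows\System32\vssadmin.exe|vssadmin.exe delete shadows /all /quiet
2022-03-14T10:01:05Z|ws-017|ACME\jdoe|C:\Windows\System32\wbem\WMIC.exe|wmic shadowcopy delete
2022-03-14T10:02:30Z|ws-017|ACME\jdoe|C:\Users\jdoe\AppData\Local\Temp\svc.exe|svc.exe \\.\PhysicalDrive0
2022-03-14T10:05:00Z|ws-021|ACME\backup_svc|C:\Program Files\BackupAgent\agent.exe|agent.exe --snapshot --volume C:
2022-03-14T10:06:10Z|ws-021|ACME\jsmith|C:\Windows\System32\cmd.exe|cmd.exe /c dir
"""


@dataclass
class Alert:
    timestamp: datetime
    host: str
    user: str
    rule: str
    command_line: str


def parse_line(line: str):
    """Split one record; the command line may itself contain '|' so split at most 4 times."""
    ts, host, user, image, cmd = line.split("|", 4)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, user, image, cmd


def scan(log_text: str) -> list:
    """Run every rule over every line and return one Alert per (line, rule) hit."""
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, host, user, _image, cmd = parse_line(raw)
        for name, pattern in RULES.items():
            if pattern.search(cmd):
                alerts.append(Alert(ts, host, user, name, cmd))
    return alerts


def correlate(alerts: list, window_minutes: float = 10) -> dict:
    """Escalate hosts where two or more distinct rules fire inside the window.

    One shadow-copy deletion may be an administrator cleaning up; VSS stopped,
    shadows deleted and raw disk writes in quick succession on one host is the
    sequence that precedes data destruction and should page someone.
    """
    window = timedelta(minutes=window_minutes)
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a)
    escalated = {}
    for host, items in by_host.items():
        items.sort(key=lambda a: a.timestamp)
        for i, first in enumerate(items):
            rules = {a.rule for a in items[i:] if a.timestamp - first.timestamp <= window}
            if len(rules) >= 2:
                escalated[host] = sorted(rules)
                break
    return escalated


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for a in found:
        print(f"{a.timestamp:%H:%M:%S} {a.host} {a.user} [{a.rule}] {a.command_line}")
    print("escalated:", correlate(found))
```

In the sample, only ws-017 trips rules, and it trips three different ones inside ninety seconds, so it is escalated; the backup agent's snapshot on ws-021 is not touched. Tune the window to your environment: too short and a slow wiper slips through as isolated low-severity hits, too long and routine administration is escalated.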

While these attacks launched by Russian hacker groups currently target Ukrainian entities, sanctions may encourage the attackers to broaden their scope.

Though U.S. critical infrastructure is undergoing preparations, hacktivism may spread the damage to other sectors.

It’s a concerning situation no matter what business you’re in.

Further Wiper Malware Concerns

While attackers limited deployment of most of these wipers to specific networks, the HermeticWizard worm is reminiscent of the highly destructive NotPetya attack that travelled unchecked through corporate networks.

Even then, most of those attacks primarily hit computers.

In contrast, the AcidRain attacks wipe modems and routers, introducing entirely new levels of destruction.

After all, how many of your disaster recovery plans assume your basic network infrastructure is destroyed as well?

It’s not something most businesses prepare for, but a realistic concern, nonetheless.

In addition to involving a wider range of targeted devices, you may also see wiper malware used as a tactic by criminal organizations.

Already, some ransomware criminals use limited wiper malware attacks to destroy forensic evidence.

But, they could easily deploy wiper malware against companies who refuse to pay ransoms.

The recent LAPSUS$ group attacks also illustrate attackers motivated by reputation even more than by financial gain.

And, if a criminal organization doesn’t care if their victims pay, there is no incentive to leave your systems intact.

While these scenarios haven’t been seen, they certainly wouldn’t require any technical advancements.

So far, attackers simply haven’t chosen that route – yet.

Are Your Backups Vulnerable?

When you and your team talk about performing backups, you’re probably focused on data backups right on existing systems, like before performing an update.

Incremental data backups can be performed much faster, consume less storage space, and can be less burdensome to system operation during a backup.

However, incremental backups leave systems vulnerable to wiper malware attacks.

If a wiper attack destroys your operating system, your IT teams will have much more work to perform to restore systems.

They’ll need to:

  • Reinstall operating systems
  • Install any OS updates and patches issued
  • Restore data from backups
  • Reinstall any software and update that software

Organizations are supposed to perform system backups before the application of updates and patches.

However, how many of these monthly backups only exist on the computer or device being backed up?

How many backup strategies also include settings and firmware code for infrastructure and operational equipment?

Both the Sandworm attack group associated with the Cyclops Blink Botnet and the NotPetya virus used aspects of wiper malware attacks to sabotage industrial control systems in 2015.

As a result, they proved the need to consider the Internet of Things (IoT) and Operational Technology (OT) for backup.

Boosted Backup Strategy

The more critical an asset is to your organization, the more frequently you should perform a full backup, as well as test recovery of that asset.

Basic data recovery strategies should follow the 3-2-1 principle (three copies of your data, on two different media, with one copy off-site), though to ensure rapid recovery, you also need to periodically perform backups of your full infrastructure.

Networking infrastructure, firewalls, IoT, OT, and even cloud resources should be backed up in some fashion.

While cloud assets suffer less risk of failure, it cannot be ignored that analysts estimate that 49% of organizations using SaaS experience some form of data loss.

The more options you have for recovery, the better off you’ll be.
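A backup strategy is easier to keep honest when the policy is written down and checked mechanically. The following is an added example, not code from the original post or the vendor: a small audit that scores each asset in an inventory against the 3-2-1 principle, flags copies that live on the asset they protect, and applies tighter freshness limits for full backups and restore tests the more critical the asset is. The tiers, age limits, asset names and backup records are all constructed assumptions.

```python
"""Audit a backup inventory against 3-2-1 and tier-based freshness limits.

Added example, not from the original post. POLICY, the asset names and
every backup record below are constructed assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy: the more critical the asset, the fresher its newest full
# backup and its last successful restore test must be.
POLICY = {
    "critical":  {"max_backup_age": timedelta(days=1),  "max_test_age": timedelta(days=30)},
    "important": {"max_backup_age": timedelta(days=7),  "max_test_age": timedelta(days=90)},
    "standard":  {"max_backup_age": timedelta(days=30), "max_test_age": timedelta(days=180)},
}


@dataclass
class BackupCopy:
    media: str          # "disk", "tape", "object-storage", "flash", ...
    location: str       # where the copy physically lives
    offsite: bool
    taken_at: datetime
    kind: str = "full"  # "full" or "incremental"


@dataclass
class Asset:
    name: str
    tier: str                       # key into POLICY
    category: str                   # "server", "router", "firewall", "ot", "saas", ...
    copies: list[BackupCopy] = field(default_factory=list)
    last_restore_test: datetime | None = None


def evaluate(asset: Asset, now: datetime) -> list[str]:
    """Return a list of findings; an empty list means the asset passes."""
    findings: list[str] = []
    policy = POLICY[asset.tier]
    copies = asset.copies

    if not copies:
        return [f"no backup copies exist for this {asset.category}"]

    # 3-2-1: three copies, on two different media types, one of them off-site.
    if len(copies) < 3:
        findings.append(f"only {len(copies)} of the 3 copies 3-2-1 calls for")
    if len({c.media for c in copies}) < 2:
        findings.append("all copies sit on a single media type")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")

    # A copy stored on the device being backed up is destroyed along with it.
    if any(c.location == asset.name for c in copies):
        findings.append("a copy lives on the asset itself and would be wiped with it")

    # Incrementals alone cannot rebuild a system whose OS and base image are gone.
    fulls = [c for c in copies if c.kind == "full"]
    if not fulls:
        findings.append("no full backup; incrementals alone cannot rebuild a wiped system")
    else:
        age = now - max(c.taken_at for c in fulls)
        if age > policy["max_backup_age"]:
            findings.append(f"newest full backup is {age.days} days old, over the "
                            f"{policy['max_backup_age'].days}-day limit for tier '{asset.tier}'")

    # A backup that has never been restored is an untested assumption.
    if asset.last_restore_test is None:
        findings.append("recovery has never been tested")
    elif now - asset.last_restore_test > policy["max_test_age"]:
        findings.append("last restore test is older than the tier allows")
    return findings


def audit(assets: list[Asset], now: datetime) -> dict[str, list[str]]:
    return {a.name: evaluate(a, now) for a in assets}


# Constructed sample inventory (assumed names and dates).
NOW = datetime(2022, 4, 1, 12, 0)


def sample_inventory() -> list[Asset]:
    def hours_ago(n): return NOW - timedelta(hours=n)
    def days_ago(n): return NOW - timedelta(days=n)
    return [
        Asset("db-01", "critical", "server", copies=[
            BackupCopy("disk", "nas-1", False, hours_ago(12)),
            BackupCopy("tape", "offsite-vault", True, hours_ago(20)),
            BackupCopy("object-storage", "cloud-bucket", True, hours_ago(6)),
        ], last_restore_test=days_ago(10)),
        # Router config saved only to the router's own flash, two months ago.
        Asset("core-rtr-1", "important", "router", copies=[
            BackupCopy("flash", "core-rtr-1", False, days_ago(60)),
        ]),
        # File server with incrementals only and no restore drill on record.
        Asset("file-srv", "important", "server", copies=[
            BackupCopy("disk", "nas-1", False, days_ago(1), kind="incremental"),
            BackupCopy("disk", "nas-1", False, days_ago(2), kind="incremental"),
            BackupCopy("object-storage", "cloud-bucket", True, days_ago(1), kind="incremental"),
        ]),
    ]


if __name__ == "__main__":
    for name, findings in audit(sample_inventory(), NOW).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("   -", f)
```

The router in the sample is the case the article warns about: its only "backup" is on the device a wiper would destroy. Feeding the audit from your CMDB or backup catalogue, and adding categories such as firewalls, OT controllers and SaaS exports, turns the principle into a report you can act on.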

The Takeaways

Though wiper malware isn’t anything new, its use during the Russia-Ukraine conflict is a reminder that it’s not going away.

And, in some ways, their destructive power can be even worse for business than ransomware attacks.

If all of your business’s data were wiped out, with no way of getting it back, would you be able to carry on? What sort of financial impact would you suffer?

Worse, what if your routers, modems, etc., were also wiped out, rendering you helpless to restore your information?

It’s certainly a lot to think about, and not to be taken lightly.

That’s why preparing ahead of time, with the right backup strategy is so critical.

Fortunately, there’s no reason to stress out – you can always reach out for professional assistance.

Contact Ideal Integrations or Blue Bastion at 412-349-6680, or fill out the form below to accelerate an enhanced backup strategy for your organization.

Our experts will work with you to identify key assets, backup strategies, and how to ensure a quick recovery.

There’s never a reason for you to go it alone.
