Hsinchu, Taiwan – Aug 1, 2022 – Everyone wants peace. Unfortunately, some powerful people occasionally go to war for profit. The Russia-Ukraine War, as a modern war, has included cyber-attacks against enemy states, in particular targeted data wipers.
Data wipers are a category of virus whose purpose is to destroy data rather than to encrypt it and demand a ransom. This makes targeted data wipers a powerful weapon against an enemy. According to a report by The Register, more data wipers have been found attacking Ukraine’s infrastructure and organizations. Several of these wipers also attacked other countries, such as Germany. Although there is no evidence that Russia sponsored these data wipers, their goals align with those of the Russian military.
Data wipers infect systems in much the same way as ransomware: through social engineering and server vulnerabilities. Those used as weapons of war include a target-checking mechanism. However, that mechanism might not be well designed, and it can harm the innocent.
The Actions of Lionic
Lionic has been watching data wipers for a long time. For example, some data wipers aimed at the 2021 Tokyo Olympic Games were detected and blocked by Lionic anti-virus technology. “This malware used in war wipes your data; it does not extort your money,” said Lionic security researcher Kaso Lin. “Backing data up is always the best method against ransomware and data wipers.”
The following is a partial list of the data wipers used in the Russia-Ukraine War:
Rule ID | Virus Name | File Type | Release Date |
---|---|---|---|
9027012774462151 | Trojan.Boot.WhisperGate.4 | Win32 EXE | 2022-07-02 |
9048602893539775 | Trojan.Boot.WhisperGate.4 | Win32 EXE | 2022-03-23 |
9063690251124999 | Trojan.Boot.WhisperGate.4 | Win32 EXE | 2022-03-21 |
9225015488478772 | Trojan.Boot.WhisperGate.4 | Win32 EXE | 2022-03-15 |
9159580633024576 | Trojan.Win32.HermeticWiper.4 | Win32 EXE | 2022-07-07 |
9107418693482785 | Trojan.Win32.HermeticWiper.4 | Win32 EXE | 2022-07-05 |
9103314700629090 | Trojan.Win32.HermeticWiper.4 | Win32 EXE | 2022-06-30 |
9163934148364386 | Trojan.Win32.HermeticWiper.b | Win32 EXE | 2022-06-23 |
9044364250619704 | Trojan.Win32.HermeticWiper.4 | Win32 EXE | 2022-05-27 |
9244736592575447 | Trojan.Win32.HermeticWiper.b | Win32 EXE | 2022-05-26 |
9239975743277994 | Trojan.Win32.HermeticWiper.b | Win32 EXE | 2022-05-26 |
9175791606788301 | Trojan.Win32.HermeticWiper.4 | Win32 EXE | 2022-05-25 |
9102257256904762 | Trojan.Win32.IsaacWiper.4 | Win32 DLL | 2022-03-18 |
9106192144267135 | Trojan.Win32.CaddyWiper.4 | Win32 EXE | 2022-05-26 |
9277154162475776 | Trojan.Win32.CaddyWiper.4 | Win32 EXE | 2022-05-12 |
9218013396177398 | Trojan.Win32.CaddyWiper.4 | Win32 EXE | 2022-03-26 |
9167898785297384 | Trojan.Win32.CaddyWiper.4 | Win32 EXE | 2022-03-22 |
9147954829888257 | Trojan.Linux.AcidRain.4 | ELF | 2022-04-01 |
9185919122637227 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-07-06 |
9229096485413402 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-07-01 |
9079273233613888 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-06-30 |
9168227735194506 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-06-17 |
9196428327479440 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-06-11 |
9065885686939306 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-05-17 |
9036861372226304 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-05-14 |
9066914543715569 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-05-10 |
9205812253322928 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-04-22 |
9010620265665256 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-04-20 |
9252068031526787 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-04-19 |
9134191810889368 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-04-18 |
9187915878687933 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-03-24 |
9052299046980786 | Trojan.Shell.SoloShred.4 | Shell script | 2022-05-29 |
9152493416097260 | Trojan.Shell.SoloShred.4 | Shell script | 2022-05-06 |
9046452523192636 | Trojan.Shell.SoloShred.4 | Shell script | 2022-05-06 |
9074439668510293 | Trojan.Win32.DoubleZero.4 | Win32 EXE | 2022-03-17 |
9054980246908280 | Trojan.Win32.DoubleZero.4 | Win32 EXE | 2022-03-17 |
9025493828109948 | Trojan.Win32.DesertBlade.4 | Win32 EXE | 2022-05-15 |
Whether for fun or for profit, developing data wipers is immoral. In most cases, the data cannot be recovered after the disaster caused by a data wiper. Without a backup, victims have to rebuild the data from scratch or simply give it up. Although the data wipers mentioned in this article target Ukraine, they can still hit the innocent. People should defend against every kind of data wiper. Lionic Pico-UTM is equipped with Lionic cloud-based anti-virus technology. It can protect your data against hundreds of millions of viruses, including data wipers and ransomware.
References:
- “Wiper Malware: Purposes, MITRE Techniques, and Attacker’s Trade-Offs”, https://www.linkedin.com/pulse/wiper-malware-purposes-mitre-techniques-attackers-v%C3%B6gele/
- “Data-wiper malware strains surge as Ukraine battles ongoing invasion”, https://www.theregister.com/2022/04/29/wiper_attacks_jump_500_percent/
- “Wiper Malware Riding the 2021 Tokyo Olympic Games”, https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games
About Lionic Corporation
Lionic Corporation is a worldwide provider of innovative Deep Packet Inspection solutions. Lionic's technologies include a complete DPI-based software engine and related management software, which offer Security Solutions that address anti-virus, anti-intrusion and anti-webthreat, and Content Management Solutions that address application identification, device identification, application-based QoS, web content filtering and parental control.
Lionic’s security and content management solutions, cloud-based scan services and signature subscription service are widely deployed in the world already. They help service providers, network appliance manufacturers, semiconductor companies, etc. to enable the next generation of business routers, residential gateways, SD WAN edges and cloud gateways, advanced firewalls, UTMs, Smart NICs and mobile devices. Those products powered by Lionic provide better network management and protect the world’s networks from an ever increasing level of security threats.