(April 1, 2022) Most people are familiar by now with ransomware. “Wiper” malware is a whole new ballgame.
Ransomware encrypts a victim’s data and then demands payment for the decryption key. Wiper malware destroys data in a way that cannot be recovered.
The latest strains are designed to overwrite the master boot record that contains information on where the computer’s operating system is located and how the disk is partitioned. Without that information, the computer simply will not work. Known as WhisperGate and HermeticWiper, the new variants display a ransom demand, but paying the ransom is of no use.
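The following Python example is added here and is not part of the original article. It parses a 512-byte master boot record read from a disk image and flags the signs of an overwritten sector: a missing boot signature, an empty partition table, or invalid status bytes. The function names and sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
TABLE_OFFSET = 446             # four 16-byte partition entries start here
ENTRY_FORMAT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR sector and report whether it still looks intact."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for slot in range(4):
        start = TABLE_OFFSET + 16 * slot
        status, ptype, lba_start, count = struct.unpack(ENTRY_FORMAT, sector[start:start + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count,
                           "status_ok": status in (0x00, 0x80)})
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if not partitions:
        findings.append("partition table empty")
    if any(not p["status_ok"] for p in partitions):
        findings.append("invalid partition status byte")
    return {"partitions": partitions, "findings": findings, "intact": not findings}

def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable partition of type 0x07 starting at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(ENTRY_FORMAT, 0x80, 0x07, 2048, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    samples = {
        "intact": build_sample_mbr(),
        "zeroed": bytes(SECTOR_SIZE),            # constructed: sector overwritten with zeros
        "junk-filled": b"\x41" * SECTOR_SIZE,    # constructed: sector overwritten with filler bytes
    }
    for name, data in samples.items():
        result = parse_mbr(data)
        print(f"{name}: intact={result['intact']} findings={result['findings']}")
```

On a GPT disk the same sector holds a protective MBR with a single entry of type 0xEE, which this check reports as intact; the GPT header itself needs a separate check.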
Although wiper malware has been around for at least a decade, the latest variants have emerged in connection with Russia’s attack on Ukraine. Security researchers suspect that Russian hacking groups are conducting cyber warfare against Ukrainian government agencies and financial institutions. U.S. officials have warned that these attacks could spread to organizations in this country through subsidiaries and partner supply chains, or be purposely used to target U.S. infrastructure.
The NotPetya Attack
Russia has targeted Ukraine with wiper malware in the past. The 2017 “NotPetya” attack began in Ukraine and ultimately spread to more than 60 countries, including the U.S. Like WhisperGate and HermeticWiper, NotPetya masqueraded as ransomware but turned out to be a wiper.
Some security experts consider NotPetya to be the most damaging cyberattack in history. It generated just $10,000 in ransom money but caused more than $10 billion in damages across more than 2,000 companies. NotPetya blocked access to systems used by Maersk to operate shipping terminals all over the world, costing the company as much as $300 million in revenue due to a two-week business disruption. In the U.S., FedEx was hit particularly hard, losing $400 million due to system restoration costs and disruptions to shipments.
The attack points to the risks to global supply chains, which have become increasingly popular targets for cybercrime. Foreign companies that lack robust security solutions may be especially vulnerable and spread that risk to their partners. As a result, organizations need to identify these vulnerabilities and account for the supply chain in their risk management strategy.
Tips for Reducing Risk
On Feb. 26, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint alert describing the technical details of HermeticWiper, WhisperGate, and another wiper called Trojan.Killdisk. The agencies also recommend several steps organizations should take to prevent a wiper attack.
Specifically, the agencies warn that the malware can affect enterprise applications that interface with other systems, networking equipment, and centralized storage devices. If the malware were to target enterprise file shares, data warehouses, or network routing tables, it could prove devastating to the organization.
A critical first step is to ensure that enterprise systems and applications are patched and up to date and that supporting infrastructure is hardened according to best practices. Access control policies should be based upon the principle of least privilege access and strictly enforced. Multifactor authentication should be implemented, particularly for privileged accounts. The network should be segmented to limit the spread of the malware.
Organizations should have a robust incident response plan that helps quickly determine which systems have been impacted and how the attack was likely distributed so that it can be contained. Backup systems should be isolated, or immutable backups should be used, so that an attack cannot destroy them.
World events continue to alter the cybersecurity landscape. Organizations need to be more diligent than ever updating and monitoring their business-critical systems. Contact Mainstream Technologies today for assistance in evaluating and securing your business’s most critical technology assets.
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region, including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.