Hsinchu, Taiwan – Aug 1, 2022 – Everyone wants peace. Unfortunately, some powerful people occasionally go to war for profit. As a modern war, the Russia-Ukraine War has involved cyber-attacks against enemy states, especially targeted data wipers.

Data wipers are a category of virus focused on destroying data rather than encrypting it and demanding a ransom. This makes targeted data wipers a powerful weapon for attacking enemies. According to a report by The Register, more data wipers have been found attacking Ukraine’s infrastructure and organizations. Several of these wipers also attacked other countries, such as Germany. Although there is no evidence that Russia sponsored these data wipers, their goals align with those of the Russian military.

Tanks on the march. Image by Ministry of Defense of Ukraine. Creative Commons BY-SA.

Data wipers infect systems the same way ransomware does: through social engineering and server vulnerabilities. Those used as weapons in war include a target-checking mechanism. However, that mechanism may be poorly designed and harm the innocent.

The Actions of Lionic

Lionic has been tracking data wipers for a long time. For example, some data wipers aimed at the 2021 Tokyo Olympic Games were detected and blocked by Lionic anti-virus technology. “This malware used in war wipes your data; it does not extort your money,” said Lionic security researcher Kaso Lin. “Backing data up is always the best method against ransomware and data wipers.”

The following is a partial list of the data wipers used in the Russia-Ukraine War:

| Rule ID | Virus Name | File Type | Release Date |
| --- | --- | --- | --- |
| 9027012774462151 | Trojan.Boot.WhisperGate.4 | Win32 EXE | 2022-07-02 |
| 9048602893539775 | Trojan.Boot.WhisperGate.4 | Win32 EXE | 2022-03-23 |
| 9063690251124999 | Trojan.Boot.WhisperGate.4 | Win32 EXE | 2022-03-21 |
| 9225015488478772 | Trojan.Boot.WhisperGate.4 | Win32 EXE | 2022-03-15 |

| Rule ID | Virus Name | File Type | Release Date |
| --- | --- | --- | --- |
| 9159580633024576 | Trojan.Win32.HermeticWiper.4 | Win32 EXE | 2022-07-07 |
| 9107418693482785 | Trojan.Win32.HermeticWiper.4 | Win32 EXE | 2022-07-05 |
| 9103314700629090 | Trojan.Win32.HermeticWiper.4 | Win32 EXE | 2022-06-30 |
| 9163934148364386 | Trojan.Win32.HermeticWiper.b | Win32 EXE | 2022-06-23 |
| 9044364250619704 | Trojan.Win32.HermeticWiper.4 | Win32 EXE | 2022-05-27 |
| 9244736592575447 | Trojan.Win32.HermeticWiper.b | Win32 EXE | 2022-05-26 |
| 9239975743277994 | Trojan.Win32.HermeticWiper.b | Win32 EXE | 2022-05-26 |
| 9175791606788301 | Trojan.Win32.HermeticWiper.4 | Win32 EXE | 2022-05-25 |

| Rule ID | Virus Name | File Type | Release Date |
| --- | --- | --- | --- |
| 9102257256904762 | Trojan.Win32.IsaacWiper.4 | Win32 DLL | 2022-03-18 |

| Rule ID | Virus Name | File Type | Release Date |
| --- | --- | --- | --- |
| 9106192144267135 | Trojan.Win32.CaddyWiper.4 | Win32 EXE | 2022-05-26 |
| 9277154162475776 | Trojan.Win32.CaddyWiper.4 | Win32 EXE | 2022-05-12 |
| 9218013396177398 | Trojan.Win32.CaddyWiper.4 | Win32 EXE | 2022-03-26 |
| 9167898785297384 | Trojan.Win32.CaddyWiper.4 | Win32 EXE | 2022-03-22 |

| Rule ID | Virus Name | File Type | Release Date |
| --- | --- | --- | --- |
| 9147954829888257 | Trojan.Linux.AcidRain.4 | ELF | 2022-04-01 |

| Rule ID | Virus Name | File Type | Release Date |
| --- | --- | --- | --- |
| 9185919122637227 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-07-06 |
| 9229096485413402 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-07-01 |
| 9079273233613888 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-06-30 |
| 9168227735194506 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-06-17 |
| 9196428327479440 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-06-11 |
| 9065885686939306 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-05-17 |
| 9036861372226304 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-05-14 |
| 9066914543715569 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-05-10 |
| 9205812253322928 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-04-22 |
| 9010620265665256 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-04-20 |
| 9252068031526787 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-04-19 |
| 9134191810889368 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-04-18 |
| 9187915878687933 | Trojan.Shell.AwfulShred.4 | Shell script | 2022-03-24 |

| Rule ID | Virus Name | File Type | Release Date |
| --- | --- | --- | --- |
| 9052299046980786 | Trojan.Shell.SoloShred.4 | Shell script | 2022-05-29 |
| 9152493416097260 | Trojan.Shell.SoloShred.4 | Shell script | 2022-05-06 |
| 9046452523192636 | Trojan.Shell.SoloShred.4 | Shell script | 2022-05-06 |

| Rule ID | Virus Name | File Type | Release Date |
| --- | --- | --- | --- |
| 9074439668510293 | Trojan.Win32.DoubleZero.4 | Win32 EXE | 2022-03-17 |
| 9054980246908280 | Trojan.Win32.DoubleZero.4 | Win32 EXE | 2022-03-17 |

| Rule ID | Virus Name | File Type | Release Date |
| --- | --- | --- | --- |
| 9025493828109948 | Trojan.Win32.DesertBlade.4 | Win32 EXE | 2022-05-15 |

Whether it is for fun or profit, developing data wipers is immoral. In most cases, the data cannot be recovered after the disaster caused by data wipers. If there is no backup, the victims have to rebuild the data from scratch or just give it up. Although the data wipers mentioned in this article target Ukraine, they can still attack the innocent. People should defend against all kinds of data wipers. Lionic Pico-UTM is equipped with Lionic's cloud-based anti-virus technology. It can protect your data against hundreds of millions of viruses, including data wipers and ransomware.

References:

  1. “Wiper Malware: Purposes, MITRE Techniques, and Attacker’s Trade-Offs”, https://www.linkedin.com/pulse/wiper-malware-purposes-mitre-techniques-attackers-v%C3%B6gele/
  2. “Data-wiper malware strains surge as Ukraine battles ongoing invasion”, https://www.theregister.com/2022/04/29/wiper_attacks_jump_500_percent/
  3. “Wiper Malware Riding the 2021 Tokyo Olympic Games”, https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games

 

About Lionic Corporation

Lionic Corporation is a worldwide provider of innovative Deep Packet Inspection solutions. Lionic's technologies include a complete DPI-based software engine and related management software. Together they offer Security Solutions that address anti-virus, anti-intrusion, and anti-webthreat, and Content Management Solutions that address application identification, device identification, application-based QoS, web content filtering, and parental control.

Lionic’s security and content management solutions, cloud-based scan services and signature subscription service are already widely deployed around the world. They help service providers, network appliance manufacturers, semiconductor companies, etc. to enable the next generation of business routers, residential gateways, SD-WAN edges and cloud gateways, advanced firewalls, UTMs, Smart NICs and mobile devices. Products powered by Lionic provide better network management and protect the world’s networks from an ever-increasing level of security threats.