New Malware That Broke Ukraine's System Successfully Found By Researchers

Researchers in Ukraine have discovered a new type of malware removal. (Photo: Doc. ESET)

JAKARTA - Researchers have discovered a new type of deletion malware, which is claimed to have damaged computers in Ukraine by attacking its systems since the Russian invasion began some time ago.

Dubbed CaddyWiper, the malware was discovered by researchers from a Slovak-based cybersecurity company, ESET is the third type of wiper malware to damage Ukrainian systems.

In a thread on Twitter, ESET researchers explained that CaddyWiper is malware that can wipe user data and partition information from any drive mounted on a compromised machine.

The sample code shared by ESET, shows that the malware corrupted files on the machine by overwriting them with a zero-byte character, rendering them unrecoverable.

“We knew that if the wipers worked, it would effectively render the system useless. However, it is not clear at this point what the overall impact of this attack will be," said Jean-Ian Boutin, Head of Threat Research at ESET.

However, the number of cases from CaddyWiper is still relatively small. Previous ESET research has found two other types of removal malware targeting computers in Ukraine.

Reported by The Verge, Tuesday, March 15, is a Strain, labeled HermeticWiper by researchers that was discovered on February 23, one day before Russia began its military invasion of Ukraine. Another wiper known as the IsaacWiper was deployed in Ukraine on February 24.

But from ESET's analysis, it shows that IsaacWiper and HermeticWiper were in development for months before being released.

Removal programs share some similarities with ransomware in terms of their ability to access and modify files on compromised systems. However, unlike ransomware which encrypts data on disk until a release fee is paid to the attacker, wipers permanently delete disk data and there is no way to recover it.

That is, the purpose of malware is purely to cause damage to the target rather than generate ransom for the attacker.

Pro-Russian hackers have used malware to destroy data on Ukrainian computer systems, while some Ukrainian-backed hackers have taken the opposite approach, leaking data from Russian businesses and government agencies as an offensive tactic.

Overall, large-scale cyberwarfare has so far failed to materialize in the Russia-Ukraine conflict, but it's possible that a bigger attack is still on the way.

In the United States (US), the Cybersecurity and Infrastructure Agency (CISA) has issued a warning to organizations warning that they could be affected by the same type of destructive malware used in Ukraine.