Malware designed to erase files on the host computer

In computer security, a wiper is a class of malware intended to erase (wipe, hence the name) the hard drive or other static memory of the computer it infects, maliciously deleting data and programs.

Examples

A piece of malware referred to as "Wiper" was allegedly used in attacks against Iranian oil companies. In 2012, the International Telecommunication Union supplied Kaspersky Lab with hard drives allegedly damaged by Wiper for analysis. While a sample of the alleged malware could not be found, Kaspersky discovered traces of a separate piece of malware known as Flame.

The Shamoon malware contained a disk wiping mechanism; it was employed in 2012 and 2016 malware attacks targeting Saudi energy companies, and utilized a commercial direct drive access driver known as RawDisk. The original variant overwrote files with portions of an image of a burning U.S. flag. The 2016 variant was nearly identical, except using an image of the body of Alan Kurdi instead.

A wiping component was used as part of the malware employed by the Lazarus Group, a cybercrime group with alleged ties to North Korea, during the 2013 South Korea cyberattack and the 2014 Sony Pictures hack. The Sony hack also utilized RawDisk.

In 2017, computers in several countries, most prominently Ukraine, were infected by NotPetya, which is a variant of the Petya ransomware that was functionally a wiper. The malware infects the master boot record with a payload that encrypts the internal file table of the NTFS file system. Although it still demanded a ransom, it was found that the code had been significantly modified so that the payload could not actually revert its changes, even if the ransom were successfully paid.

Several variants of wiper malware were discovered during the 2022 Ukraine cyberattacks on computer systems associated with Ukraine. Named CaddyWiper, HermeticWiper, IsaacWiper, and FoxBlade by researchers, the programs showed little relation to each other, prompting speculation that they were created by different state-sponsored actors in Russia especially for this occasion.

Solution

Reactive redundancy is a possible solution for data destruction protection. Researchers are able to create systems capable of analyzing write buffers before they reach a storage medium, determining whether the write is destructive, and preserving the data under destruction.

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.