
Protect Your Data: Understanding and Mitigating Data Wiper Malware Threats

Introduction

This advisory, issued by the Employees’ Provident Fund Organisation (EPFO), addresses the rising threat of data wiper malware used by state-sponsored threat actors. The primary goal of such attacks is the irreversible destruction of data on victim machines rather than theft or extortion. Below is an overview of notable data wiper malware currently active in the cyber landscape, along with recommendations for mitigating the risk.

Overview of Data Wiper Malware

1. AwfulShred

  • Description: A data-wiping Bash shell script that targets Linux-based systems.

2. DoubleZero

  • Description: This .NET-based data wiper destroys files, registry keys and whole registry trees on Windows machines. It targets all drives, erasing file content either by overwriting it with 4096-byte blocks of zeros or through API calls, while leaving a set of hardcoded locations untouched.

3. CaddyWiper

  • Description: CaddyWiper runs on Windows machines that are not the primary domain controller. On execution it overwrites file contents with zeros, rendering the data unrecoverable.

4. AcidRain

  • Description: Aimed at modems and routers used for internet access, AcidRain recursively overwrites and deletes non-standard files within the device's filesystem.

5. DesertBlade

  • Description: Deployed through an Active Directory Group Policy Object (GPO), which means the attacker already controlled the domain before the wiper ran, DesertBlade overwrites files on the victim machines and then deletes them.
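Several of the wipers above (DoubleZero, CaddyWiper) do not delete files but overwrite their contents with zeros, so after an incident the files are still present at their original size yet contain nothing recoverable. The following post-incident triage scanner, an added example that is not part of the advisory and not the tooling of any of the wipers named, walks a directory tree and flags files that consist solely of zero bytes; the sample tree it builds in a temporary directory is constructed for the demonstration.

```python
"""Triage scanner: flag files whose entire content is 0x00 (zero-overwrite wipers).

Added example for this advisory, not code from any wiper or vendor. Heuristic only:
sparse or preallocated files can legitimately be all zeros, so treat hits as
candidates for investigation, not proof of wiping.
"""
import os
import tempfile
from pathlib import Path

CHUNK = 4096  # read size; also the zero-block size DoubleZero is described as using


def block_is_zero(block: bytes) -> bool:
    """True if every byte in the block is 0x00 (an empty block counts as zero)."""
    return not block.strip(b"\x00")


def is_zero_filled(path: Path, chunk: int = CHUNK) -> bool:
    """True if the file is non-empty and made only of zero bytes."""
    if path.stat().st_size == 0:
        return False  # empty files are normal and carry no wiping signal
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            if not block_is_zero(block):
                return False
    return True


def scan_tree(root: Path) -> list:
    """Return every regular file under root that looks zero-overwritten."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                if p.is_file() and not p.is_symlink() and is_zero_filled(p):
                    hits.append(p)
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
    return hits


def build_sample_tree(root: Path) -> None:
    """Constructed sample: two intact files, two zero-filled files, one empty file."""
    (root / "docs").mkdir(parents=True, exist_ok=True)
    (root / "docs" / "report.txt").write_bytes(b"quarterly figures\n" * 300)
    (root / "docs" / "wiped.docx").write_bytes(bytes(3 * CHUNK + 17))  # zeros, odd tail
    (root / "config.ini").write_bytes(b"[db]\nhost=localhost\n")
    (root / "wiped.db").write_bytes(bytes(CHUNK))
    (root / "empty.log").write_bytes(b"")


def demo() -> list:
    """Build the sample tree and return the relative paths the scanner flags."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return sorted(p.relative_to(root).as_posix() for p in scan_tree(root))


if __name__ == "__main__":
    for rel in demo():
        print("possible wiper victim:", rel)
```

Run it against a mounted image or a share after an incident to get a quick list of files that were overwritten rather than deleted; cross-check the hits against the backup manifest before deciding what to restore.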

Recommendations

To mitigate the impact of data loss or system disruption caused by data wiper malware, the following measures are advised:

  • Periodic Backups: Regularly back up all critical information and data to limit potential losses, and periodically test that the backups can actually be restored.
  • Secure Backup Storage: Store backups on separate devices and keep them offline (disconnected from the network), so that a wiper which reaches the production network, or a GPO-deployed wiper such as DesertBlade, cannot reach the backups as well.
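A backup only helps if it is intact and if, after an incident, you can tell which live files were destroyed. The following added example (not from the advisory or from any backup product) records a SHA-256 manifest of a source tree at backup time, stores it alongside the offline copy, and later compares the live tree against it to list missing, modified and unexpected files. The directories, file names and the simulated incident are constructed for the demonstration.

```python
"""Backup integrity manifest: build at backup time, verify after an incident.

Added example for this advisory. The manifest must live with the offline backup,
not on the live system, because a wiper that reaches the live system would
destroy the manifest along with everything else.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Streamed SHA-256 of a file (64 KiB reads, so large files are not loaded whole)."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(1 << 16), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def write_manifest(manifest: dict, dest: Path) -> None:
    dest.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def read_manifest(src: Path) -> dict:
    return json.loads(src.read_text())


def verify_tree(root: Path, manifest: dict) -> dict:
    """Compare the current state of root with a manifest taken earlier."""
    current = build_manifest(root)
    return {
        "missing": sorted(k for k in manifest if k not in current),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: back up, then simulate a wiper, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"              # production tree
        offline = Path(tmp) / "offline_media"  # stands in for the offline backup device
        (live / "finance").mkdir(parents=True)
        offline.mkdir()
        (live / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (live / "notes.txt").write_text("keep me\n")

        # Backup time: record the manifest on the offline medium.
        write_manifest(build_manifest(live), offline / "manifest.json")

        # Incident: ledger zero-overwritten in place, notes deleted, unknown file dropped.
        (live / "finance" / "ledger.csv").write_bytes(bytes(4096))
        (live / "notes.txt").unlink()
        (live / "dropped.bin").write_bytes(b"\x90" * 16)

        # Recovery: the manifest survives because it was never on the live system.
        return verify_tree(live, read_manifest(offline / "manifest.json"))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `verify_tree` against the restored copy as well as against the damaged live tree: the first confirms the backup medium itself is intact, the second gives the list of files that actually need restoring.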

Conclusion

It is crucial for organizations to remain vigilant against the threats posed by data wiper malware. Implementing robust data backup strategies will ensure that recovery processes are swift and effective in the event of a cyber attack.