Author: Pam Boschee / Source: SPE
The malware that hit many businesses around the world on 27 June—including Rosneft, Maersk, and the Chernobyl nuclear power plant—and was initially reported as ransomware, wasn’t. It was worse: a “wiper” disguised as ransomware. And many cybersecurity experts think it may have been an initial test run of a new concoction of crimeware.
A wiper erases data from victims’ computer drives, unlike ransomware, which holds the data hostage until payment is made to the attacker. Kaspersky Lab wrote that in late 2011 and early 2012, reports emerged about computer systems that were compromised and rendered unbootable. The damage to these systems was so extensive that almost no data were recoverable. The malware was named “The Wiper,” and the term is now applied generally to crimeware with similar effects.
Weston Hecker, a principal application security engineer/principal penetration tester at NCR Corp. in Bismarck, North Dakota, and a member of Rampart, an invitation-only nonprofit group of vetted white hats (ethical computer hackers), said the malware was professionally made and originated from Eastern Europe, and struck hard in Ukraine, Russia, and Poland.
It appears to be a hybrid of WannaCry (ransomware that hit in mid-May) and Mimikatz, an open-source utility that enables the capture of credential information. Using Mimikatz, the malware steals network credentials and then spreads through the whole network by impersonating legitimate users. A single infected system on the network that processes administrative credentials is capable of spreading the infection to all the other computers.
Think of this hybrid’s creation as similar to genetic engineering. Bits of code are tweezed from WannaCry to take advantage of vulnerable IT systems and combined with bits of Mimikatz. Hecker said that this hybrid attack may have been released as a field test to determine its effectiveness and to ultimately use the outcome to increase its ability to penetrate and propagate. Once malware is deployed, the opportunity to learn from it exists and makes possible a more virulent and…