Malware with destructive payloads has existed for a long time, but its delivery tactics and the scale of the damage it causes have evolved dramatically. Looking at the last five years alone, some of the most destructive malware families have appeared, notably ransomware such as CryptoLocker and TeslaCrypt. With these, attackers have earned a great deal from their victims, who, despite being equipped with malware removal tools, could not fight back.
Holding data for ransom has become mainstream, and attackers are now concentrating more on attacks using wiper malware. But what is wiper malware anyway?
What Is Wiper Malware?
Wiper malware is a special type of malware with a single intention: wiping the data on a system so completely that there is no hope of recovery. One well-known wiper was made to look like Petya ransomware, but instead of holding data for ransom it simply erased every trace of it. The destructive capabilities of wipers vary, from replacing, overwriting or deleting specific files to destroying the entire system; the extent of the damage depends directly on the technique used. Wiper malware was first observed in 2012, and several further instances have been seen since.
Let's dig a bit deeper into the anatomy of a wiper. The path a wiper takes and the actions it carries out depend entirely on its intended severity and the technique used, but it usually has three targets: data files, the boot section of the operating system, and the backups of the system and its data. The most common form of destruction is deleting volumes of data along with their shadow copies and backups. For the boot section, the attacker has two options: erase the first 10 sectors of the hard disk or overwrite them. Either way, the OS becomes unbootable, and in some cases the recovery console is destroyed as well. To perform this, the malware requires a custom bootloader that carries out the destruction while bypassing the operating system's protections. The scenario is not the same every time, however; it depends entirely on the attacker.
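The boot-section damage described above (first sectors zeroed, overwritten, or replaced by a custom bootloader) is something a defender can check for directly. The following is an added example, not code from the article: it hashes the first ten sectors of a raw disk image and compares the result with a baseline recorded from a known-good system, alongside two cheap sanity checks on the MBR (the standard 0x55AA boot signature at offset 510, and whether the region is entirely zero). Every disk image here is constructed in memory; on a real host the same bytes would be read from the raw block device or a forensic image, and the function names are this example's own.

```python
"""Boot-region integrity check (added example, not part of the article).

Hashes the first ten sectors of a disk image and compares them with a
baseline taken from a known-good system. Two extra sanity checks on the
MBR are included: the 0x55AA boot signature at offset 510 and whether the
region is entirely zero. All images below are constructed for the demo.
"""
import hashlib

SECTOR_SIZE = 512
SECTORS_TO_CHECK = 10          # the "first 10 sectors" the article refers to
REGION_LEN = SECTOR_SIZE * SECTORS_TO_CHECK
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR sector


def boot_region(image: bytes) -> bytes:
    """First ten sectors of a disk image (or of a raw device read)."""
    return image[:REGION_LEN]


def baseline_digest(image: bytes) -> str:
    """SHA-256 of the boot region; record this once from a known-good system."""
    return hashlib.sha256(boot_region(image)).hexdigest()


def check_boot_region(image: bytes, expected_digest: str) -> dict:
    """Return individual findings plus an overall verdict.

    The digest comparison flags a replaced bootloader even when the
    replacement carries a valid 0x55AA signature, which a signature-only
    check would miss.
    """
    region = boot_region(image)
    findings = {
        "digest_matches": hashlib.sha256(region).hexdigest() == expected_digest,
        "has_boot_signature": region[510:512] == BOOT_SIGNATURE,
        "all_zero": not any(region),
    }
    findings["healthy"] = findings["digest_matches"] and findings["has_boot_signature"]
    return findings


def make_demo_image(boot_code: bytes, sectors: int = 64) -> bytes:
    """Constructed disk image: placeholder boot code in sector 0, deterministic filler after."""
    mbr = boot_code.ljust(510, b"\x00") + BOOT_SIGNATURE
    filler = bytes(i % 251 for i in range(SECTOR_SIZE * (sectors - 1)))
    return mbr + filler


# Known-good image and the baseline recorded from it.
GOOD_IMAGE = make_demo_image(b"CONSTRUCTED BOOT CODE")
BASELINE = baseline_digest(GOOD_IMAGE)

# Three constructed failure states: first ten sectors zeroed, overwritten with
# junk, and replaced by a different loader that still carries a valid signature.
TAIL = GOOD_IMAGE[REGION_LEN:]
ZEROED_IMAGE = bytes(REGION_LEN) + TAIL
JUNK_IMAGE = b"\x90" * REGION_LEN + TAIL
REPLACED_IMAGE = make_demo_image(b"DIFFERENT LOADER")[:REGION_LEN] + TAIL

if __name__ == "__main__":
    for name, img in [("good", GOOD_IMAGE), ("zeroed", ZEROED_IMAGE),
                      ("junk", JUNK_IMAGE), ("replaced", REPLACED_IMAGE)]:
        print(f"{name:9s}", check_boot_region(img, BASELINE))
```

The baseline digest should be stored off the host and the comparison run from a trusted environment (a rescue image or a separate monitoring host), because malware that controls the operating system can also tamper with a locally stored digest.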
How To Mitigate a Wiper Malware Attack?
Time and again we are reminded that the technologies we use to prevent and mitigate attacks are not sufficient. Organizations and individuals are advised to take the following measures:
Cyber Security Incident Response Plan (CSIRP)
Since the defense against wipers does not differ greatly from the defense against Petya ransomware, a CSIRP comes in handy. It needs to be in place so that, when an incident occurs, it is clear what the next step is and who carries out each assigned task. The plan rests on the premise that data security is not the sole responsibility of the IT team: every member involved is equally responsible and should know their role. Professionals must also stay current with the latest regulations.
Cyber Security-Aware Business Continuity Plan
Most organizations have business continuity plans that cover natural disasters or an office move. These plans should be updated to account for data loss so that at least partial recovery is possible, and steps must be taken to avoid bottlenecks during recovery. This sounds tedious, but it can be achieved with simple measures such as running backup software continuously in the background, segmenting the backup network, and so on.
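Partial recovery, as the plan above promises, is only possible if someone can tell which backed-up files are still intact after an incident. The following is an added example, not code from the article: it records a manifest (path, SHA-256 digest and size) when a backup is taken and later verifies a backup copy against it, classifying each file as intact, altered, missing or unexpected. The file sets are constructed in-memory byte strings so the demo runs offline; the function and data names are this example's own.

```python
"""Backup manifest verification (added example, not part of the article).

Records a manifest at backup time and later checks a backup copy against
it, so that a recovery team knows which files can actually be restored.
The "files" below are constructed byte strings; on a real system the same
functions would be fed the contents of the backed-up files.
"""
import hashlib
from dataclasses import dataclass, field


@dataclass
class VerifyReport:
    intact: list = field(default_factory=list)
    altered: list = field(default_factory=list)
    missing: list = field(default_factory=list)
    unexpected: list = field(default_factory=list)

    def recoverable_fraction(self) -> float:
        """Share of manifest entries that can be restored exactly as recorded."""
        total = len(self.intact) + len(self.altered) + len(self.missing)
        return len(self.intact) / total if total else 0.0


def build_manifest(files: dict) -> dict:
    """Hash every file at backup time; keep the result apart from the backup itself."""
    return {
        path: {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data)}
        for path, data in files.items()
    }


def verify_backup(manifest: dict, backup_files: dict) -> VerifyReport:
    """Compare a backup copy against the manifest recorded when it was taken."""
    report = VerifyReport()
    for path, entry in manifest.items():
        data = backup_files.get(path)
        if data is None:
            report.missing.append(path)
        elif len(data) != entry["size"] or hashlib.sha256(data).hexdigest() != entry["sha256"]:
            report.altered.append(path)
        else:
            report.intact.append(path)
    report.unexpected.extend(sorted(set(backup_files) - set(manifest)))
    return report


# Constructed sample data: what was backed up, and what is found on the backup
# target after a destructive event (one file zero-filled, one deleted, one stray).
ORIGINAL_FILES = {
    "finance/ledger.csv": b"date,account,amount\n2024-01-02,ops,120.00\n",
    "hr/roster.txt": b"alice\nbob\ncarol\n",
    "config/app.yaml": b"retention_days: 30\n",
}
MANIFEST = build_manifest(ORIGINAL_FILES)

DAMAGED_BACKUP = {
    "finance/ledger.csv": ORIGINAL_FILES["finance/ledger.csv"],
    "hr/roster.txt": bytes(len(ORIGINAL_FILES["hr/roster.txt"])),  # same size, zero-filled
    # "config/app.yaml" is gone from the backup target
    "tmp/scratch.bin": b"\x00\x01",  # present but never in the manifest
}

if __name__ == "__main__":
    rep = verify_backup(MANIFEST, DAMAGED_BACKUP)
    print("intact:    ", rep.intact)
    print("altered:   ", rep.altered)
    print("missing:   ", rep.missing)
    print("unexpected:", rep.unexpected)
    print(f"recoverable: {rep.recoverable_fraction():.0%}")
```

The size check alone would not catch the zero-filled file, which is why the digest is compared as well. Storing the manifest on the segmented backup network rather than beside the data it describes keeps a wiper that reaches the primary systems from silently rewriting both.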
Risk-Based Patch Management Program
Patching is critical where data recovery is involved, but it is highly complicated, so prioritization is needed. The parameters for deciding priority may vary, but they should be tied to risk and to the business. A detailed analysis should also be prepared so that it is clear whether systems can be isolated or not, which will help during recovery. Patching must also be done in sequence. The process is intricate and therefore requires a highly skilled team of professionals.
Network and User Segregation
Segmenting a network confines an attack to one segment and makes mitigation much easier, so organizations are recommended to use this tactic. Even where separation is done logically, the underlying network of systems must still be segmented.
Cyber Security Technology Stack
Unless you are living under a rock, you know that no single technology can defend systems today. Multiple layers are needed to secure an organization, and a new generation of tools should be deployed to analyze encrypted traffic and find malware patterns.
The Final Verdict
Wiper malware will continue to evolve, and so will the practices of attackers. We need more effective technologies and systems to help with this. Until then, remember and practice standard safety measures: install a reliable antivirus on your system and stay vigilant for abnormal behavior. We hope that soon we will be equipped with a malware removal tool effective enough to defend against the most destructive malware as well. What do you think?