ESET has discovered the new CaddyWiper malware which, like the previous HermeticWiper and IsaacWiper, deletes all data from disks connected to computers.

ESET experts have discovered a new destructive attack on the computers of Ukrainian companies. CaddyWiper is the third malware of this type distributed in the country since the beginning of the Russian invasion (the fourth, counting the one from January). However, ESET did not detect similarities with the previous HermeticWiper and IsaacWiper.

CaddyWiper: digital destruction

According to telemetry from ESET (one of the companies that has suspended sales in Russia), CaddyWiper has so far affected a dozen systems at a limited number of organizations. While it does not share code with HermeticWiper, the new malware is distributed in a similar manner, namely through Group Policy Objects (GPOs). This means that the attackers had already gained control of the network.

CaddyWiper first checks whether the device is a domain controller. If it is, the data is not deleted, because the cybercriminals want to maintain access to the corporate network. The main functionality is identical to that of its predecessors: total deletion of data and partition information on drives connected to computers. The system then becomes unusable.

The impact of the cyberattack is not known at the moment. Wipers are used to cause irreversible damage to the victims of the attacks. The cybercriminals are therefore not looking to make a profit, as is the case with ransomware. The authors are probably of Russian origin, but there is no confirmation. Similar attacks could affect other countries as well. The cybersecurity agencies of the United States and Italy have warned companies, recommending measures that can limit the risks.
CaddyWiper: New destructive malware in Ukraine