You show up for work all bright and shiny one day, fire up your computers and…suddenly you feel your heart leap in your chest and your hands begin to shake. Your data, the lifeblood of your organization, has been erased. What happened? Now what are you supposed to do?
When it is all wiped clean by wiper malware, there is not much you can do. Which is why it is so important to protect your data and implement state-of-the-art data security measures that will help you replace that lost data.
It Is Wiper Malware
Wiper malware, the villain of this real-life horror story, almost brought Sony Entertainment to its knees in 2014. The recent attack, associated with North Korea, used something called Destover to do its dirty deed.
The cyber world has captured the imagination of criminal minds and other hackers. It is the wild west all over again, but this time wars will be waged without bullets. Attacks will come without bombs or soldiers. Instead cyber attacks will be fought from swivel chairs.
Every business and every person that is connected to the web can easily become a victim.
So if you have a 100,000 word novel or your company’s financial life on your computer systems, you better have some type of cyber security plan and backup in place.
What Is Wiper Malware?
A rose by any other name is still a rose, only in this case it is wiper malware, which goes by names such as Shamoon, BlackEnergy, Destover, ExPetr/NotPetya, Olympic Destroyer and others. Its purpose is to destroy systems or data and cause reputational damage or financial loss.
Even so, most of those who deploy wiper code are bent on one of two things:
- Sending a message – typically to make a political statement.
- Covering their tracks after data exfiltration.
Yes, destructive cyber attacks have been around for a long time. But the delivery method of wiper malware is significantly more evolved and damaging and can range from overwriting files to the destruction of entire file systems.
The Wiper Anatomy
The typical wiper malware looks at three targets: files (data), the system boot section, and backups (located on the system). It usually targets all three areas simultaneously.
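One way a defender can act on that pattern, shown as an added example that is not from the original article: flag a host when file, boot-area and backup activity all occur within a short window of each other. The event tuples, host names and the five-minute default window are constructed assumptions, not a real product's log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, host, target area, detail).
# The format and host names are assumptions, not a real product's log schema.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:05", "ws-17", "files", "bulk overwrite of user documents"),
    ("2024-01-10T09:00:40", "ws-17", "backups", "local backup copies deleted"),
    ("2024-01-10T09:01:10", "ws-17", "boot", "raw write to boot area"),
    ("2024-01-10T02:00:00", "srv-02", "backups", "scheduled pruning of old backups"),
    ("2024-01-10T14:30:00", "srv-02", "files", "bulk overwrite by archive job"),
    ("2024-01-10T08:00:00", "ws-23", "files", "bulk overwrite of build output"),
    ("2024-01-10T08:00:30", "ws-23", "boot", "boot area updated by OS installer"),
    ("2024-01-10T11:00:00", "ws-23", "backups", "local backup copies deleted"),
    ("2024-01-10T09:00:20", "ws-17", "other", "user logon"),
]

TARGETS = {"files", "boot", "backups"}  # the three areas named in the text


def hosts_hitting_all_targets(events, window_seconds=300):
    """Return {host: (first_ts, last_ts)} for hosts where all three target
    areas were touched within window_seconds of each other."""
    window = timedelta(seconds=window_seconds)
    by_host = defaultdict(list)
    for ts, host, area, _detail in events:
        if area in TARGETS:
            by_host[host].append((datetime.fromisoformat(ts), area))

    alerts = {}
    for host, items in by_host.items():
        items.sort()
        last_seen = {}  # most recent timestamp per target area
        for ts, area in items:
            last_seen[area] = ts
            if len(last_seen) == len(TARGETS):
                oldest = min(last_seen.values())
                # Tightest span ending at ts that covers all three areas.
                if ts - oldest <= window:
                    alerts[host] = (oldest, ts)
                    break
    return alerts


if __name__ == "__main__":
    for host, (start, end) in hosts_hitting_all_targets(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: files, boot and backups all touched "
              f"between {start.isoformat()} and {end.isoformat()}")
```

Hosts that touch only one or two of the areas, or all three spread over hours (as routine maintenance might), are not flagged at the default window.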
Cyber Security Measures Are Essential
It is an unsettling moment when fact and truth are no longer the same things. The newspaper and 24/7 cable news channels show that opinion, elections, and information can be manipulated, controlled, targeted and (gulp…) erased. So far it’s been mostly politics, but that will soon change as hackers learn to do more and more damage.
Patterns of Attack
In a report entitled “Wiper Malware Analysis,” David McMillen stated that malware attacks basically began in 2008 with a malware called Narilam. This computer compromise method attacked financial and business software packages primarily used in Iran.
In 2009 and 2010, two more, called Dozer and Koredos, were deployed in South Korea. Shamoon reared its ugly head in 2012 and took out 30,000 computers at Saudi Aramco. Another in the growing list of villains, called GrooveMonitor/Maya, was reported in Iran, and an aptly named package called Dark Seoul showed up in South Korea.
Some launch one-time attacks on a specific date; others move more gradually, doing their damage over a longer period of time and allowing a remote command-and-control center access to the system.
Hackers can now potentially move into extortion, blackmail, and ransom as the value of data increases exponentially. As creative as the malware becomes, so too will the creativity of the hackers or political activists that want to sway things their way. With vast amounts of money, influence and power at stake, the duty to protect your data has never been higher. Erasure, exposure and extortion can all come your way, regardless of how careful you think you may be.
What Can You Do?
Don’t be defensive, but instead be offensive – prepare for an eventual cyber attack. When it comes to malware, it is not a matter of “If” you will be attacked but when. The best things you can do are:
- Prepare by taking proactive security steps to minimize the risks
- Isolate crucial intellectual property in hardened systems that can only be accessed through security passwords
- Back-up important files and store them off-site
- Institute and test an emergency response and recovery plan
If you take these vital steps to secure your data, you won’t have to worry about Wiper Malware ruining your bright and shiny day.
Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.