A new destructive malware has been discovered in Ukraine. The CaddyWiper malware is actually the third strain of wiper malware to hit Ukrainian systems since the Russia Ukraine war began. CaddyWiper was discovered by security researchers from ESET, a Slovakia-based cybersecurity firm. ESET discovered the malware on Monday and posted a thread of tweets about the same.
CaddyWiper affects your data. As per the researchers, the tool erases not just user data, but even partition information from any drives that were unfortunate to be connected to an affected machine. The thread suggests that CaddyWiper works by corrupting files on a machine and overwriting them with null byte characters, losing the user data forever in the process. Unlike a ransomware malware, a wiper malware is used to permanently delete data from an affected PC. It is a more directly destructive approach and has nothing to do it extracting money from victims.
“We know that if the wiper works, it will effectively render the system useless,” Jean-Ian Boutin, head of threat research at ESET, told The Verge. “However, it is unclear at this point what is the overall impact of this attack.”
Check it out below.
Boutin also added that seemingly not a lot of devices were infected with CaddyWiper yet, and that ESET’s research had only observed one organisation being targeted by the malware.
Two other strains of wiper malware targeting Ukraine’s computers were also discovered in recent weeks amidst the Russian invasion. HermeticWiper, the first of the two strains was discovered on February 23, a day before the Russian conflict began.
Meanwhile, IsaacWiper was deployed in Ukraine on February 24. That said, a timeline shared by ESET also suggests that the two malware attacks could have been strategically planned as they had reportedly been in development months before their release.