Russian security firm Kaspersky has disclosed CryWiper, a malicious program that pretends to be ransomware but is actually designed to destroy data — named after the .cry extension that the malicious program uses to destroy files. The malware targeted Russian courts and mayor’s offices, but further details are unknown. Kaspersky claims that CryWiper does not damage any files with .exe, .dll, .lnk, .sys, or .msi extensions, and it also spares important system folders, targeting databases, archives, and user files. All that is known so far is that CryWiper is specifically targeting Russian targets. According to Kaspersky, CryWiper is written in C++ and compiled with the MinGW-w64 and GCC compilers, which is somewhat unusual since most C++ malware is compiled with Microsoft’s Visual Studio. Malicious programs should have been developed on non-Windows systems.
This article is transferred from: https://www.solidot.org/story?sid=73563
This site is only for collection, and the copyright belongs to the original author.