Destructive Windows backdoor stuffs multiple wipers and ransomware code into a single package
Microsoft says GigaWiper combines at least 3 malware families into one modular tool
A newly identified destructive Windows backdoor combines ransomware-like encryption with multiple data-wiping features, according to Microsoft.
Last October, the Redmond threat-hunting team first spotted attacks using the Golang-based implant they've named GigaWiper.
Its developers stuffed multiple malware families into the software as on-demand commands, giving criminals a Swiss Army knife of command-and-control (C2) and destructive capabilities, including multiple wiping commands and file encryption without any possibility of decryption.
“The consolidation of multiple destructive capabilities into a modular backdoor reflects a notable shift in wiper malware, which are typically designed purely to destroy rather than to extort and carry real-world consequences,” Microsoft Threat Intelligence wrote in a Thursday blog.
Microsoft declined to answer The Register's questions about the scale and scope of GigaWiper attacks.
In the blog, Redmond’s malware analysts said they uncovered two types of GigaWiper samples...
Copyright of this story solely belongs to theregister.com. To see the full text click HERE