Home/News/GigaWiper Windows Backdoor Combines Disk Wiping, Fake Ransomware
The Hacker News2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

GigaWiper Windows Backdoor Combines Disk Wiping, Fake Ransomware

GigaWiper Windows Backdoor Combines Disk Wiping, Fake Ransomware

Microsoft has analyzed a destructive Windows backdoor named GigaWiper, which consolidates three distinct destructive tools into a single operational package. This backdoor allows operators to choose from various commands, each designed to inflict damage on a targeted machine. The primary functions include complete disk wiping, overwriting the Windows drive, and deploying a fake ransomware strain that encrypts files using a key that is not saved, rendering them irrecoverable.

The GigaWiper backdoor is notable for its modular construction, integrating pre-existing destructive programs rather than being a novel creation. This approach allows for a versatile attack vector, enabling threat actors to select the specific type of damage they wish to inflict. The fake ransomware component, for instance, mimics the behavior of legitimate ransomware by scrambling files, but its inherent design prevents any decryption, leading to permanent data loss.

Microsoft's analysis, published this week, indicates that GigaWiper is designed to be highly destructive. The integration of disk wiping capabilities means that sensitive data can be irretrievably erased, a tactic often employed in espionage or sabotage operations. The inclusion of spyware suggests that data exfiltration may also be a secondary objective, allowing attackers to gather intelligence before or after deploying the destructive payloads.

While specific attribution for GigaWiper has not been detailed by Microsoft, the sophistication of its combined functionalities points to a well-resourced adversary. The use of older, repurposed destructive tools suggests a pragmatic approach by attackers, leveraging existing capabilities to create a potent and multi-faceted threat. Organizations are advised to ensure their endpoint detection and response (EDR) solutions are up-to-date to detect and mitigate GigaWiper and similar threats.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next