Kaspersky and Russian news service Izvestia have reported cyberattacks against Russian mayors' offices and courts that leverage CryWiper, a novel data wiper that poses as ransomware, according to Ars Technica.
CryWiper, which has similarities with the IsaacWiper malware targeted at Ukraine-based organizations, as well as with Trojan-Ransom.Win32.Xorist and Trojan-Ransom.MSIL.Agent, destroys rather than encrypts data on impacted systems even though it masquerades as ransomware, a report from Kaspersky found.
Izvestia reported that part of CryWiper's scheme included a note demanding 0.5 bitcoin and detailing a wallet address where victims could place their payments.
However, Kaspersky researchers noted that CryWiper's program code indicated that the malware was originally meant for data wiping. Ongoing geopolitical tensions are expected to further increase the prevalence of wiper malware, the researchers added.
"In many cases, wiper and ransomware incidents are caused by insufficient network security, and it is the strengthening of protection that should be paid attention to," they added.
Operations of California's Solano Partner Libraries and St. Helena, or SPLASH, continue to be interrupted weeks after the county's library network was targeted by a ransomware attack earlier this month, StateScoop reports.
Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and compromised prefetch file analysis, reports The Hacker News.
Open-source DevOps software project GitLab is also affected by the same comment-related security issue in GitHub that threat actors have exploited, through URLs linked to Microsoft repositories, to distribute malware made to appear to originate from credible entities' official source code repositories, according to BleepingComputer.