Wiperware: New Malware That Shouldn’t Be Taken Lightly

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Any business can be a target for hackers who use ransomware. However, in recent months, a major new threat has emerged. The recent Petya attack was initially perceived to be another form of ransomware.

However, as the firms involved took stock in the aftermath of the events, it became apparent that the attack took the form of “wipeware,” code that is designed to completely destroy the files stored on any system.

What is wiperware?

Wiperware is designed with one goal in mind: total destruction. The malware asks users to install a software update and then it immediately takes control of the device. Once it has gained admin access, it completely overwrites all files on the device and in some cases the entire network. Any attached storage is also vulnerable, included USB external drives, memory sticks and network shared drives.

While the motivations behind Petya remain unknown, what is abundantly clear is that wiperware is a threat that needs to be taken very seriously. Here are a couple of things you can do right now.

Maintain and segregate backups to stop malware spread

In the recent Petya ransomware attack, the hackers had no intention of stealing files; they simple wanted to cause destruction.

The best method by which you can safeguard against this is by having a full and comprehensive backup of all your files and systems. This backup needs to be segregated from the network. A backup and disaster recovery unit that takes frequent images of your server is ideal. These images should be uploaded to secure off-site storage.

Adopt a heuristic approach to malware detection

The anti-virus software that the majority of SMBs use are rather backward looking; that is, they are only capable of stopping known malware and viruses.

Typically, software companies learn about new risks and issue updates as new threats emerge. Heuristic detection solutions are much more sophisticated. They test unknown commands in a virtual environment to determine the effects they would have on the systems.

When this approach is employed, it is often possible to identity and block previously unknown strains of malware, including wiperware.

It is no longer sufficient to simply have a backup and recovery plan in place. You should contemplate an attack that destroys all of your infrastructure, and plan around that.

Given the rapid evolution of cyberattacks, it is critical that you proactively audit, update and test your defense and response mechanisms.

These activities should not be limited to business continuity plans but should also include ongoing employee education and training.