Slovakia-based cybersecurity firm ESET have have discovered a new type of destructive wiper malware affecting computers in Ukraine, making it at least the third strain of wiper to have hit Ukrainian systems since the Russian invasion began.

According to the researchers, the malware erases user data and partitions information from any drives attached to a compromised machine. Sample code shared on Twitter suggests the malware corrupts files on the machine by overwriting them with null byte characters, making them unrecoverable.

ESET research has previously uncovered two other strains of wiper malware targeting computers in Ukraine.


A timeline of IsaacWiper and HermeticWiper development
ESET research

Wiper programs share some similarities with ransomware in terms of their ability to access and modify files on a compromised system, but unlike ransomware — which encrypts data on a disk until a release fee is paid to attackers — wipers permanently delete disk data and give no way to recover it. This means the objective of the malware is purely to cause damage to the target rather than extract any financial reward for the attacker.

READ
Nominet Confirms Network Breach via Ivanti VPN Zero-Day Exploit