Skip to content
theregister·

🚨GigaWiper: Malware Combines Ransom and Wipe Features

New malware wipes data AND encrypts files with no key

TL;DR

A new Windows backdoor, GigaWiper, combines ransomware encryption with destructive wiping features. It includes multiple wiping commands and file encryption without decryption keys. Two types of samples were found, each with unique capabilities.

GigaWiper is a modular malware that merges at least three separate families into one robust tool. This backdoor can disable Windows recovery, trigger BSODs, encrypt files with AES-256 and random keys, and wipe data without any chance of recovery. If you manage critical systems or handle sensitive data, this is a serious threat to your security posture. The malware uses RabbitMQ for C2 communication and includes features like screen recording and system info collection.

GigaWiper: Malware Combines Ransom and Wipe Features — theregister

Key Points

1

GigaWiper combines Crucio ransomware, FlockWiper, and standalone disk wipers into one tool.

2

Two types of GigaWiper samples were found in victim environments: a standalone wiper and a C2-enabled variant.

3

The malware uses RabbitMQ over AMQP for command-and-control communication and Redis for status updates.

4

GigaWiper includes commands to disable Windows recovery, trigger BSODs, and wipe disks at the physical level.

5

File encryption is performed with AES-256 in CBC mode using randomly generated keys that are never saved.

Why It Matters

If you manage critical systems or handle sensitive data, GigaWiper poses a significant threat. Its ability to disable recovery options and encrypt files without decryption keys means traditional ransomware countermeasures may not suffice. Security teams must update their incident response plans to account for this new level of destructive capability.

GigaWiperransomwarewipersWindows malwarecybersecurity

Frequently Asked Questions

Why does this matter?

If you manage critical systems or handle sensitive data, GigaWiper poses a significant threat. Its ability to disable recovery options and encrypt files without decryption keys means traditional ransomware countermeasures may not suffice. Security teams must update their incident response plans to account for this new level of destructive capability.

What happened?

A new Windows backdoor, GigaWiper, combines ransomware encryption with destructive wiping features. It includes multiple wiping commands and file encryption without decryption keys. Two types of samples were found, each with unique capabilities.

Comments

Subscribe to join the conversation...

Be the first to comment

Enjoyed this article?

Get it daily. 7am. Free. Reads in 5 minutes.