Microsoft Windows Causes Grave Damage to Courts and Mayors' Offices
-
CryWiper: fake ransomware [Ed: Lesson of the story is, don't run Windows]
Our experts have discovered an attack of a new Trojan, which they’ve dubbed CryWiper. At the first glance, this malware looks like ransomware: it modifies files, adds a .CRY extension to them (unique to CryWiper), and saves a README.txt file with a ransom note, which contains the bitcoin wallet address, the contact e-mail address of the malware creators, and the infection ID. However, in fact, this malware is a wiper: a file modified by CryWiper cannot be restored to its original state — ever. So if you see a ransom note and your files have a new .CRY extension, don’t hurry to pay the ransom: it’s pointless.
-
CryWiper Data Wiper Targeting Russian Sites
Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks.
-
Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices [Ed: This shallow report fails to say that this is a Windows problem]
CryWiper shares a separate commonality with ransomware families known as Trojan-Ransom.Win32.Xorist and Trojan-Ransom.MSIL.Agent. Specifically, the email address in the ransom note of all three is the same.
-
New CryWiper data wiper targets Russian courts, mayor’s offices [Ed: This Microsoft boosters' site also fails to highlight the role of Windows here. If this was a "Linux"-affecting issue, the word "Linux" would be all over headlines and more (also, Jim Zemlin would join in the FUD, as usual)].]
A previously undocumented data wiper named CryWiper is masquerading as ransomware, but in reality, destroys data beyond recovery in attacks against Russian mayor's offices and courts.
[...]
CryWiper is a 64-bit Windows executable named 'browserupdate.exe' written in C++, configured to abuse many WinAPI function calls.