Best Top Reviews Online

New Crywiper Data-erasing Malware Masquerading As Ransomware Targets Russian Courts

CryWiper, a new data eraser malware, has been discovered targeting Russian government agencies, such as the mayor’s offices and courts.

“Although it masquerades as ransomware and extorts money from the victim for ‘decrypting’ data, [it] does not actually encrypt, but instead destroys data in the affected system,” wrote Fedor Sinitsyn and Janis Zinchenko of Kaspersky Lab in a report.

Izvestia, a Russian-language news publication, divulged additional information about the attacks. The intrusions have not yet been attributed to a particular hostile group.

CryWiper, a C++-based malware, is programmed to establish persistence via a scheduled task and to communicate with a command-and-control (C2) server to initiate malicious activity.

In an attempt to obstruct incident response efforts, in addition to terminating processes related to database and email servers, the malware is equipped to delete shadow copies of files and modify the Windows Registry to prevent RDP connections.

As a final step, the wiper corrupts all files except those with the “.exe,” “.dll,” “link,” “.sys,” and “.msi” extensions, while skipping specific directories such as C: Windows, Boot, and tmp, which would otherwise render the system inoperable.

The files overwritten with garbage data are appended with the extension “.CRY,” and a ransom note is then dropped to give the impression that it is a ransomware program, demanding that the victim pay 0.5 Bitcoin to regain access.

“The activity of CryWiper demonstrates once again that paying the ransom does not guarantee the recovery of files,” researchers stated, adding that the malware “deliberately destroys the contents of files.”

CryWiper is the second retaliatory wiper malware strain targeting Russia, following RURansom, a.NET-based wiper discovered in March targeting entities in the country.

The ongoing conflict between Russia and Ukraine has resulted in the deployment of multiple wipers, including WhisperGate, HermeticWiper, AcidRain, IsaacWiper, CaddyWiper, Industroyer2, and DoubleZero, among many others.

“Wipers can be effective regardless of the technical expertise of the attacker, as even the most basic wiper can wreak havoc on affected systems,” Trellix researcher Max Kersten said last month in an analysis of destructive malware.

“In comparison to complex espionage backdoors and the frequently used vulnerabilities that accompany them, the amount of time needed to create this type of malware is minimal. In such cases, the return on investment need not be high, as it is unlikely that a few windshield wipers will cause that much damage.”

Why Trust Us?

Best Top Reviews Online was founded in 2018 to provide our readers with thorough, unbiased, and independent advice on what to buy. We now have millions of monthly users from all over the world and evaluate over 1,000 products per year.

The article above was written by the BestTopReviewsOnline team, which includes many of the US’s most knowledgeable technical experts. Our team includes well-known writers with extensive experience in mobile phones, computing, technology, photography, and other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of