Security researchers recently discovered a new malware strain called Ordinypt that combines wiper and ransomware capabilities. The malware was used to infect German-speaking users, leaving them with no option to retrieve their files.
Ordinypt simply overwrites the data, rendering it permanently irrecoverable. Because of this destructive behavior, victims have no incentive to pay the ransomware's actors.
Ordinypt is not alone
Ordinypt is not the only wiper that has recently caused havoc by masquerading as ransomware. In early August 2019, another ransomware named GermanWiper caused headaches for German companies by permanently destroying users' data while demanding ransom payments.
In fact, a report from IBM X-Force highlights that there has been a 200% increase in such destructive malware cases between the second half of 2018 and the first half of 2019.
So what is the point of disguising a wiper as ransomware? Let's look at some points that work in favor of cybercriminals:
The financial gain
While many ransomware attacks include a wiper component, the wiper is typically used for extortion. The threat of permanent data destruction acts as a strong incentive for organizations to cough up the ransom. By the time the ransom has been paid to the attackers, the organizations come to realize the truth about the wiper-cum-ransomware and are left with little or no chance of recovering their lost data.
Sometimes the purpose of disguising a wiper as ransomware is to achieve large-scale economic disruption. For example, in 2017, after a series of high-profile ransomware attacks, NotPetya was released to the world.
NotPetya seemed to be conventional ransomware designed to generate as much money as possible, but security researchers quickly realized something was amiss. Many security experts later found that the ransomware was in fact destructive malware. All in all, NotPetya generated about $10,000 in ransom payments but caused more than $1 billion in economic disruption.
Because wipers disguised as ransomware pose a serious threat, companies should adopt a comprehensive disaster recovery strategy to mitigate the effects of malware in the future. This includes implementing a robust antivirus solution and frequent staff training on the importance of basic cyber hygiene.