Tux Machines


Microsoft Windows Causes Grave Damage to Courts and Mayors' Offices


Posted by Roy Schestowitz on Dec 07, 2022




CryWiper: fake ransomware [Ed: Lesson of the story is, don't run Windows]



> Our experts have discovered an attack of a new Trojan, which they’ve dubbed CryWiper. At first glance, this malware looks like ransomware: it modifies files, adds a .CRY extension to them (unique to CryWiper), and saves a README.txt file with a ransom note, which contains the bitcoin wallet address, the contact e-mail address of the malware creators, and the infection ID. However, in fact, this malware is a wiper: a file modified by CryWiper cannot be restored to its original state — ever. So if you see a ransom note and your files have a new .CRY extension, don’t hurry to pay the ransom: it’s pointless.



CryWiper Data Wiper Targeting Russian Sites



> Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks.



Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices [Ed: This shallow report fails to say that this is a Windows problem]



> CryWiper shares a separate commonality with ransomware families known as Trojan-Ransom.Win32.Xorist and Trojan-Ransom.MSIL.Agent. Specifically, the email address in the ransom note of all three is the same.



New CryWiper data wiper targets Russian courts, mayor’s offices [Ed: This Microsoft boosters' site also fails to highlight the role of Windows here. If this was a "Linux"-affecting issue, the word "Linux" would be all over headlines and more (also, Jim Zemlin would join in the FUD, as usual).]



> A previously undocumented data wiper named CryWiper is masquerading as ransomware, but in reality, destroys data beyond recovery in attacks against Russian mayor's offices and courts.


> [...]


> CryWiper is a 64-bit Windows executable named 'browserupdate.exe' written in C++, configured to abuse many WinAPI function calls.



