Russian computer networks are being stalked by a new Trojan that purports to be ransomware but is really designed to wipe systems and leave them unrecoverable.
The malware has been dubbed CryWiper by Moscow-based cybersecurity firm Kaspersky, which says it recently spotted the malicious code in the wild.
“At the first glance, this malware looks like ransomware: it modifies files, adds a
.cry extension to them – unique to CryWiper, and saves a
README.txt file with a ransom note, which contains the bitcoin wallet address, the contact email address of the malware creators and the infection ID,” it reports.
But the whole thing is a ruse, since “a file modified by CryWiper cannot be restored to its original state – ever,” it says. “So if you see a ransom note and your files have a new .CRY extension, don’t hurry to pay the ransom: it’s pointless.”
Russian daily newspaper Izvestia reports that systems at “mayor’s offices and courts” are among the organizations that have been infected with the fake ransomware, which demands 0.5 bitcoins – $8,050 – for a decryption key.