Microsoft Discovers GigaWiper, a Destructive Windows Backdoor
Microsoft has identified a new Windows backdoor, dubbed GigaWiper, which combines ransomware-like encryption with multiple data-wiping features. The backdoor, written in Golang, has been spotted in attacks since last October and allows criminals to use a single package for various malicious operations. The discovery highlights a shift in wiper malware, which are typically designed to destroy rather than extort.
Key points
- GigaWiper is a destructive Windows backdoor developed by unknown entities, combining ransomware-like encryption with multiple data-wiping features.
- The backdoor, written in Golang, has been spotted in attacks since last October and allows criminals to use a single package for various malicious operations.
- Microsoft's threat-hunting team first identified GigaWiper in October, and the company has declined to comment on the scale and scope of attacks.
- The backdoor includes two types of samples: a standalone wiper that overwrites raw disk content and a more complex sample that includes disk-wiping functionality and file encryption.
- Analysts say this discovery highlights a shift in wiper malware, which are typically designed to destroy rather than extort, and may have real-world consequences.
- The EU and other regulators have not commented on the discovery, but cybersecurity experts are warning of the potential risks and consequences of such malware.
Microsoft has discovered a new Windows backdoor, dubbed GigaWiper, which combines ransomware-like encryption with multiple data-wiping features. The backdoor, written in Golang, has been spotted in attacks since last October and allows criminals to use a single package for various malicious operations.
The discovery highlights a shift in wiper malware, which are typically designed to destroy rather than extort. Analysts say this may have real-world consequences, as the malware can cause significant damage to individuals and organizations.
Microsoft's threat-hunting team first identified GigaWiper in October, and the company has declined to comment on the scale and scope of attacks. The backdoor includes two types of samples: a standalone wiper that overwrites raw disk content and a more complex sample that includes disk-wiping functionality and file encryption.
Cybersecurity experts are warning of the potential risks and consequences of such malware, and regulators are likely to take notice. The EU and other regulators have not commented on the discovery, but it is clear that this is a serious threat that requires immediate attention.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.