March 9th, 2022: RURansom Wiper

Industry: N/A | Level: Strategic | Source: TrendMicro

A new wiper has been discovered associated with the Russian and Ukraine conflict. This wiper is targeted against Russia and is named RURansom Wiper. As reported by TrendMicro the malware was detected between February 26 and March 2, 2022, and is likely in development due to different variations being observed. Identified in the malware, the "ransom note" contained the following translated message, "on February 24, President Vladimir Putin declared war on Ukraine....To counter this, I, the creator of RU_Ransom, created this malware to harm Russia. You bought this for yourself, Mr. President.", There is no way to decrypt your files. No payment, only damage. And yes, this is \peacekeeping\ like Vladi Papa does, killing innocent civilians." The malware appears to only be targeting Russian assets as versions analyzed, identified it only executing if the host's software is Russian or the IP is in Russia. Additionally the developer of the malware appears to also be developing a malware, dnWipe, which encodes specific files "file extensions: .doc, .docx, .png, .gif, .jpeg, .jpg, .mp4, .txt, .flv, .mp3, .ppt, .pptx, .xls, and .xlsx" in base64.