Three Steps To Protect Your Organisation From Wiper Malware

Wiper malware is an alarming threat to corporate data. Unlike ransomware, which can encrypt and disable your files until you pay a ransom, wiper malware aims to delete your data permanently and cause as much destruction as possible.

Once it infects your system, it will make your data completely unrecoverable. This type of malware is hazardous because it offers no possibility of recovery by paying a ransom.

Wiper malware has grown more common in recent years, with several high-profile attacks making headlines. The destructive WannaCry attack in 2017, which affected hundreds of thousands of computers worldwide, is believed to have been a wiper attack.

Other notable recent wiper attacks include Olympic Destroyer in 2018, targeted at the Winter Olympics in South Korea, and ZeroCleare in 2020, targeted at the energy and industrial sectors in the Middle East. Even the infamous Sony Pictures hack was a wiper attack.

Wiper malware is also a weapon of cyber warfare. As the conflict between Russia and Ukraine continues, Ukraine has seen a withering barrage of wiper attacks. Recently, researchers at Fortinet reported that criminals deployed wiper malware against other countries. In the first half of 2022, seven new wiper variants were used in campaigns against private, government, and military organizations. Indeed, there have been wiper malware attacks in 24 countries beyond Ukraine, with some of these attacks targeting critical infrastructure using disk-wiping malware.

One of the fundamental challenges in dealing with wiper threats is that they’re very often difficult to detect and contain.

Unlike other forms of malware, which usually come with signs of their presence, wipers erase all traces of themselves once they have completed their destructive work. This makes it difficult for IT security professionals to respond to these attacks and prevent them from spreading.

Organisations must implement robust, multi-layered security measures, including regular backups of critical data, to defend against wiper threats. It’s also essential to maintain a strong security posture and be alert to signs of a potential wiper attack.

Here are three steps your organisation can take to minimise your risk of falling victim to these destructive attacks.

1: Back up your data: The importance of backing up your data cannot be overstated when defending against wiper malware. While backups can’t prevent an attack from occurring, they provide a lifeline for restoring data compromised by wiper malware, or by any other type of attack.

By properly managing your backups, you can ensure you have copies of your data that are separate from your production systems. Should wiper malware, ransomware, or any other malware strike the active IT environment, your business can turn to its backups, stored on an immutable storage solution, for restoration.

Not only is restoring from backups more cost-effective and faster than paying a ransom to recover data, but it’s likely your only recourse in a wiper attack because paying a ransom is usually not an option.

2: Follow the 3-2-1-1 rule: A 3-2-1-1 data-protection strategy is a best practice for defending against malware, including wiper attacks. This strategy entails maintaining three copies of your data, on two different media types, with one copy stored offsite. The final 1 in the equation is immutable object storage. Let’s break down the advantages of the 3-2-1-1 strategy.

  • By maintaining multiple copies of your data, you can ensure that you have a backup available in case one copy is lost or corrupted. This is imperative in the event of a wiper attack, which destroys or erases data.
  • Storing your data on different media types also helps protect against wiper attacks. For example, you might keep one copy of your data on a hard drive, another at a cloud-based storage service, and the third on a removable drive or tape. This way, if one type of media is compromised, you still have access to your data through the other copies.
  • Keeping at least one copy of your data offsite, either in a physical location or in the cloud, provides an additional layer of protection. If a wiper attack destroys on-site copies of your data, you’ll still have access to your offsite backup.
  • The final advantage is immutable object storage. Immutable object storage involves continuously taking snapshots of your data every 90 seconds, ensuring that you can quickly recover it even during a wiper attack. This next-generation data-security tool helps to safeguard your information and protect it from loss or damage.

3: Air gap your networks: Air gapping is an efficient and effective method for protecting backup data against wiper attacks. There are two types of air gapping: traditional physical air gapping and logical air gapping. Physical air gapping involves disconnecting a digital asset from all other devices and networks, creating a physical separation between a secure network and any other computer or network. You can store backup data on media such as tape or disk, then completely disconnect these media from your production IT environment.

Logical air gapping, on the other hand, relies on network and user-access controls to isolate backup data from the production IT environment. Data is pushed to its intended destination, such as immutable storage or a custom appliance, through a one-way street and can only be managed or modified through separate authentication channels.

The beauty of air gapping is that it renders your data almost invisible to wiper malware attacks, making it nearly impossible for the bad guys to compromise your backups.
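The 3-2-1-1 rule from step 2 and the physical and logical air gaps from step 3 can both be checked against a backup inventory. The following Python is an added example, not code from the article or from any vendor; the inventory entries, field names and identity names are constructed, and the survival rule (a copy survives if it is immutable, disconnected, or managed through a different identity) is a simplifying assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str        # "disk", "cloud", "tape", ...
    offsite: bool
    immutable: bool   # stored on immutable storage
    connected: bool   # reachable from the production network
    managed_by: str   # identity domain allowed to modify or delete it

def audit_3211(copies):
    """Return the list of 3-2-1-1 violations (empty list means compliant)."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    if len({c.media for c in copies}) < 2:
        findings.append("fewer than 2 media types")
    if not any(c.offsite for c in copies):
        findings.append("no offsite copy")
    if not any(c.immutable for c in copies):
        findings.append("no immutable copy")
    return findings

def survivors(copies, compromised_identity):
    """Names of copies that a wiper running on the production network with
    `compromised_identity` could not alter: immutable copies, physically
    air-gapped copies (not connected), and logically air-gapped copies
    (modifiable only through a different identity)."""
    return [c.name for c in copies
            if c.immutable or not c.connected
            or c.managed_by != compromised_identity]

# Constructed inventories (hypothetical names, for illustration only).
WEAK = [  # three copies, one offsite, yet all online under one identity
    Copy("prod-volume", "disk", False, False, True, "corp-ad"),
    Copy("nas-backup", "disk", False, False, True, "corp-ad"),
    Copy("dr-site-replica", "disk", True, False, True, "corp-ad"),
]
STRONG = [
    Copy("prod-volume", "disk", False, False, True, "corp-ad"),
    Copy("nas-backup", "disk", False, False, True, "corp-ad"),
    Copy("tape-vault", "tape", True, False, False, "vault-operators"),
    Copy("immutable-bucket", "cloud", True, True, True, "backup-idp"),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("strong", STRONG)):
        print(label, audit_3211(inventory), survivors(inventory, "corp-ad"))
```

The weak inventory has three copies and an offsite replica, but nothing survives a compromise of the single production identity; the strong one passes the audit and keeps the tape and immutable copies.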

Final Takeaway

The increasing spread of wiper malware in the wild is a stark reminder of the dangerous landscape organisations face when protecting their data. A solid, well-managed data backup and recovery plan is the key to ensuring data safety in the face of today’s growing array of threats.

No matter what tactics cybercriminals may use to disrupt your access to your data, a robust backup and recovery plan will keep your data secure.

Florian Malecki is Executive Vice President of Marketing at Arcserve
