After the dreaded and widespread ransomware, which has put hundreds of companies and healthcare infrastructures, crucial during the pandemic, in check around the world, the new frontier of cybercrime are the malicious 'wiper' viruses that have had a boost with the war in Ukraine.
Compared to ransomware that takes devices hostage and a ransom must be paid to get the data back (basically they are used to finance criminal groups) wipers are used in the hybrid war: they permanently erase data by knocking out critical infrastructures.
Most of these viruses acted against Kiev.
According to experts, the advance of wipers over ransomware would also be witnessed by one factor: the significant drop in ransom payments.
In fact, the company Chainalysis says that ransomware groups extorted about $300 million less in 2022 than a year earlier.
And hackers - explains another security company, Nozomi Networks - are "shifting tactics from data theft and DDoS attacks (i.e. Distributed Denial of Service, which put sites out of use, ed) to exploiting wiper malware to cause disruptive attacks on critical infrastructure".
The wiper viruses discovered in the past months are different: they are called WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2, AcidRain.
The latter, in particular, was used in the attack on Viasat's satellite Internet service, which affected several countries including Italy.
The Italian Cybersecurity Agency has also raised an alarm on the spread of wipers, inviting companies and administrations in our country to raise the level of attention.
The latest wiper in chronological order is SwiftSlicer, discovered by Fortinet researchers on January 25, the protagonist of a new cyber assault on Ukraine.
It does not aim for ransoms or monetizations but, in fact, only for the destruction of data, "sabotage and cyber warfare".
“From the point of view of impacts, classic ransomware will most likely remain the most widespread method for the purely economic aspects deriving from cybercrime activity - explains Pierguido Iezzi, CEO of the security company Swascan - The danger that this activity will be flanked by a wiper that will probably have a greater field of action in contexts of cyber war, activism or terrorism with the risk that it could become an additional lever to achieve one's objectives".
Furthermore, the computer security expert explains that another trend that is emerging in the cyber sector is the lowering of the bar of the skills necessary to launch a hacker attack and the fact that the ransomware gangs - those that act precisely to money and extortion and always remain a threat - have "a regenerative power like the mythological nine-headed hydra defeated by Hercules", in practice they give birth to new entities from each seemingly final decapitation.
Examples are Lockbit 3.0 and Babuk, two of the most active groups in the cybercriminal world, which have given rise to five new ransomware gangs, immediately harmful and active.
