🟠 High  |  Source: The Hacker News


Microsoft has analysed a new Windows backdoor called GigaWiper that combines three destructive capabilities — full disk wiping, Windows drive overwriting, and fake ransomware that encrypts files without saving the decryption key — into a single operator-controlled toolkit. Because the encryption key is discarded, victims cannot recover files even if they pay a ransom, making it a pure destructive tool masquerading as financially motivated malware. The modular design lowers the bar for threat actors to cause irreversible damage to targeted systems.

Security Architect’s Take: Prioritise immutable, offsite backups for Windows workloads — including cloud-hosted VMs — that cannot be reached or deleted by a compromised host, and validate recovery procedures regularly. Review endpoint detection coverage for disk-write and volume shadow copy deletion events, as these are reliable early indicators of wiper-class malware regardless of ransomware branding.

Original advisory: New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware