🟠 High | Source: The Hacker News
Microsoft has analysed a new Windows backdoor called GigaWiper that combines three destructive capabilities — full disk wiping, Windows drive overwriting, and fake ransomware that encrypts files without saving the decryption key — into a single operator-controlled toolkit. Because the encryption key is discarded, victims cannot recover files even if they pay a ransom, making it a pure destructive tool masquerading as financially motivated malware. The modular design lowers the bar for threat actors to cause irreversible damage to targeted systems.
Security Architect’s Take: Prioritise immutable, offsite backups for Windows workloads — including cloud-hosted VMs — that cannot be reached or deleted by a compromised host, and validate recovery procedures regularly. Review endpoint detection coverage for disk-write and volume shadow copy deletion events, as these are reliable early indicators of wiper-class malware regardless of ransomware branding.
Original advisory: New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware