{"id":49580,"date":"2022-12-05T21:09:48","date_gmt":"2022-12-05T21:09:48","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/wiper-disguised-fake-ransomware-targets-russian-orgs"},"modified":"2022-12-05T21:09:48","modified_gmt":"2022-12-05T21:09:48","slug":"wiper-disguised-as-fake-ransomware-targets-russian-orgs","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/wiper-disguised-as-fake-ransomware-targets-russian-orgs\/","title":{"rendered":"Wiper, Disguised as Fake Ransomware, Targets Russian Orgs"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt296fa94fbc879ef4\/63641807c89439760c05fe53\/ransomware_Photon_photo_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Companies infected with purported ransomware may no longer have an option to pay a ransom.<\/p>\n<p>A new malicious program acts exactly like crypto-ransomware \u2014 overwriting and renaming files, then dropping a text file with a ransom note and a Bitcoin address for payment \u2014 but the program instead deletes the contents of a victim&#8217;s files. The program, CryWiper, currently targets Russian organizations but could easily be used against companies and organizations in other nations, according to cybersecurity firm Kaspersky, which analyzed the program.<\/p>\n<p>The camouflaged wiper program continues a trend in ransomware being used \u2014 intentionally or inadvertently \u2014 as a wiper, the company&#8217;s researchers stated in the analysis.<\/p>\n<p>&#8220;In the past, we&#8217;ve seen some malware strains that became wipers by accident \u2014 due to mistakes of their creators who poorly implemented encryption algorithms,&#8221; the <span>researchers<\/span> wrote. &#8220;However, this time it\u2019s not the case: our experts are confident that the main goal of the attackers is not financial gain, but destroying data. 
The files are not really encrypted; instead, the Trojan overwrites them with pseudo-randomly generated data.&#8221;<\/p>\n<p>Malware programs that delete critical data, referred to as wipers, have become a significant threat for both the private and the public sector. Wipers have been <a href=\"https:\/\/www.darkreading.com\/microsoft\/what-every-enterprise-can-learn-from-russia-s-cyber-assault-on-ukraine\" target=\"_blank\" rel=\"noopener\">used by Russian agencies in the conflict with Ukraine<\/a> in an attempt to disrupt the country&#8217;s critical services and their defensive coordination. A decade ago, Iran used the Shamoon wiper program to encrypt and make useless <a href=\"https:\/\/www.darkreading.com\/endpoint\/wipermania-malware-potent-threat-since-shamoon\" target=\"_blank\" rel=\"noopener\">more than 30,000 hard drives<\/a> at rival nation Saudi Arabia&#8217;s state-owned oil conglomerate, Saudi Aramco.<\/p>\n<p>The latest attack targeted a Russian organization, the Kaspersky researchers stated in their analysis, suggesting that it could be retribution by Ukrainian forces or partisan hackers.<\/p>\n<p>&#8220;Given the blanket cover that is used \u2014 pretending to be ransomware \u2014 and the limited time it takes to write a simple wiper, it seems like anyone can be behind this attack,&#8221; says Max Kersten, a malware researcher at cybersecurity firm Trellix. &#8220;Kaspersky indicates the victims are Russian, meaning anti-Russian activists, pro-Ukrainian activists, Ukraine as a state, or states supporting Ukraine, could be behind it, as I see it.&#8221;<\/p>\n<h2 class=\"regular-text\">Fake Ransomware or Lazy Criminals?<\/h2>\n<p>CryWiper is the latest attack program that appears to be ransomware but actually acts as a wiper instead. 
While past examples often deleted data because of a developer error, CryWiper&#8217;s creator intended its functionality, according to <a href=\"https:\/\/securelist-ru.translate.goog\/novyj-troyanec-crywiper\/106114\/?_x_tr_sl=ru&amp;_x_tr_tl=en&amp;_x_tr_hl=en&amp;_x_tr_pto=wapp\" target=\"_blank\" rel=\"noopener\">a translation of Kaspersky&#8217;s Russian analysis<\/a>.<\/p>\n<p>&#8220;After examining a sample of malware, we found out that this Trojan, although it masquerades as a ransomware and extorts money from the victim for &#8216;decrypting&#8217; data, does not actually encrypt, but purposefully destroys data in the affected system,&#8221; Kaspersky stated. &#8220;Moreover, an analysis of the Trojan&#8217;s program code showed that this was not a developer&#8217;s mistake, but his original intention.&#8221;<\/p>\n<p>CryWiper is not the first ransomware program to overwrite data without allowing for its decryption. Another recently discovered program, W32\/Filecoder.KY!tr, also overwrites files, but in this case, because of poor programming, the data cannot be recovered.<\/p>\n<p>&#8220;The ransomware was not intentionally turned into a wiper. Instead, the lack of quality assurance led to a sample that did not work correctly,&#8221; Fortinet researcher Gergely Revay <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/The-story-of-a-ransomware-turning-into-an-accidental-wiper\" target=\"_blank\" rel=\"noopener\">stated in an analysis<\/a>. 
&#8220;The problem with this flaw is that due to the design simplicity of the ransomware if the program crashes \u2014 or is even closed \u2014 there is no way to recover the encrypted files.&#8221;<\/p>\n<h2 class=\"regular-text\">Similarities to Previous Ransomware<\/h2>\n<p>CryWiper appears to be an original piece of malware, but it uses the same pseudo-random number generator (PRNG) algorithm as IsaacWiper. IsaacWiper was used to attack public-sector organizations in Ukraine, while CryWiper appears to have attacked a group in the Russian Federation, Kaspersky stated in the Russian analysis.<\/p>\n<p>Several variants of the Xorist ransomware family and the Trojan-Ransom.MSIL.Agent family used the same email address that appears in the note left behind by CryWiper following its corruption of data, but Trellix&#8217;s Kersten believes that could have been intended to cause confusion.<\/p>\n<p>&#8220;The re-use of the email address in the ransom note in different samples could be done to throw off analysts who are looking to connect the dots, or it could be an actual mistake,&#8221; he says. &#8220;The latter, I think, is less likely as the malware&#8217;s code contains some mistakes showing it hasn&#8217;t been tested thoroughly, which makes me think the creator [or creators] were under the pressure of time.&#8221;<\/p>\n<p>In the past, companies targeted with ransomware have agonized over the decision of whether to pay ransomware groups or to use backups and offline copies to recover from a crypto-ransomware event.<\/p>\n<p>&#8220;CryWiper positions itself as a ransomware program, that is, it claims that the victim&#8217;s files are encrypted and, if a ransom is paid, they can be restored. However, this is a hoax: in fact, the data is destroyed and cannot be returned,&#8221; Kaspersky stated. 
&#8220;The activity of CryWiper once again shows that the payment of the ransom does not guarantee the recovery of files.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The program, dubbed CryWiper, is aimed at Russian targets; it requests a ransom but has no way to decrypt any overwritten files.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-49580","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49580"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49580\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}