It’s ransomware, or maybe a disk wiper, and it’s striking targets in Israel

by
Dan Goodin
from Ars Technica - All content on (#5J818)
GettyImages-937754348-800x457.jpg

Enlarge (credit: Getty Images)

Researchers say they've uncovered never-before-seen disk-wiping malware that's disguising itself as ransomware as it unleashes destructive attacks on Israeli targets.

Apostle, as researchers at security firm SentinelOne are calling the malware, was initially deployed in an attempt to wipe data but failed to do so, likely because of a logic flaw in its code. The internal name its developers gave it was wiper-action." In a later version, the bug was fixed and the malware gained full-fledged ransomware behaviors, including the leaving of notes demanding victims pay a ransom in exchange for a decryption key.

A clear line

In a post published Tuesday, SentinelOne researchers said they assessed with high confidence that, based on the code and the servers Apostle reported to, the malware was being used by a never-before-seen group with ties to the Iranian government. While a ransomware note they recovered suggested that Apostle had been used against a critical facility in the United Arab Emirates, the primary target was Israel.

Read 11 remaining paragraphs | Comments

index?i=rNGmY81NQ3E:NMru6vXPAIQ:V_sGLiPB index?i=rNGmY81NQ3E:NMru6vXPAIQ:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments