Olympic Destroyer Data-Wiping Malware Is More Complex Than Previously Thought [BleepingComputer]
by CIRT Team
The Olympic Destroyer malware that has caused damage to PyeongChang 2018 Winter Olympics computer networks is much more complex than previously thought.
Discovered by Cisco Talos researchers, the malware was deployed before the start of the Olympics and caused downtime to internal WiFi and television systems, disrupting some operations during the games' opening ceremony.
Cisco published an initial analysis (now updated) of this threat yesterday, revealing that Olympic Destroyer was capable of mangling a computer’s data recovery procedures and deleting crucial Windows services, rendering Windows computers unable to boot.
Because Olympic Destroyer is still a new threat, Cisco Talos amended its original analysis today with new information. Three major new pieces of information came to light.
1. Olympic Destroyer is a data wiper
The biggest update relates to the discovery of a data-wiping mechanism that attempts to delete files on network shares.
“[T]he malware lists mapped file shares and for each share, it will wipe the writable files (using either uninitialized data or 0x00 depending on the file size),” an update to the original Cisco Talos analysis reveals.
This data-wiping behavior does not necessarily delete the files an operating system needs in order to function, but it does destroy files on network shares. Such files were presumably important enough to be shared among Olympic staffers, so their loss hinders operations.
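The share-wiping behavior quoted above has a detectable signature after the fact: a file overwritten with 0x00 is a non-empty file consisting solely of zero bytes, while a file overwritten with uninitialized data can only be identified by comparison with a known-good hash. The following post-incident triage helper is an added example written for this summary, not code from Cisco Talos or BleepingComputer; it assumes a pre-incident `{relative path: sha256}` baseline exists for the share and reads each file whole, which is fine for triage of office-sized documents.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def is_zero_filled(path):
    """True for a non-empty file whose every byte is 0x00 (the 0x00 wipe variant)."""
    with open(path, "rb") as f:
        data = f.read()
    return len(data) > 0 and data.count(0) == len(data)

def triage_share(root, baseline):
    """Classify every file under root against a {relpath: sha256} baseline."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel not in baseline:
                report[rel] = "new"
            elif sha256_of(full) == baseline[rel]:
                report[rel] = "intact"
            elif is_zero_filled(full):
                report[rel] = "wiped_zero"   # matches the 0x00 overwrite
            else:
                report[rel] = "modified"     # candidate uninitialized-data overwrite
    for rel in baseline:                     # baseline entries no longer on disk
        report.setdefault(rel, "missing")
    return report

def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    # Constructed sample share (hypothetical file names, no real Olympic data):
    # take a baseline of three files, then overwrite two the way the article describes.
    root = tempfile.mkdtemp()
    names = ["ok.txt", "wiped.doc", "junk.bin"]
    for n in names:
        _write(os.path.join(root, n), b"constructed content of " + n.encode())
    baseline = {n: sha256_of(os.path.join(root, n)) for n in names}
    _write(os.path.join(root, "wiped.doc"), b"\x00" * 7)        # 0x00 fill
    _write(os.path.join(root, "junk.bin"), b"\x7f\xfe\x01\x00")  # arbitrary bytes
    return triage_share(root, baseline)
```

Files reported as `modified` still need manual review, since a legitimate edit and an uninitialized-data overwrite look the same to a hash comparison.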