Researchers at the Israeli cyber security firm Intezer have discovered a dangerous wiper malware targeting users and spreading anti-Israeli content over the Internet. The malware comes with ransomware capabilities – well, kind of.
When a ransomware infection hits a device, it gives the user the option of paying a ransom to get their files back, as happened in the WannaCry ransomware attack. In this case, however, the malware locks files, spreads anti-Israeli content and infects the system in such a way that its data can’t be restored.
Upon infecting a targeted device, the malware replaces the files’ content with messages in broken English and Hebrew. In a conversation with Israeli news site Haaretz, Ari Eitan, director of research at Intezer, said: “It’s not exactly encryption. It simply totally changes the files’ content.”
The message in English, according to researchers, reads: “Fuck Israel, (username of the victim) You will never recover your files until Israel ‘disepeare.’” The message in Hebrew says that the victim will only get their data back “when we can restore our victims, our souls, our freedom; when we heal Palestine and can recover Al-Aqsa.”
Here is a full preview of the page displayed once the malware takes over an infected device:
Furthermore, the researchers noted that upon infection, the malware changes the desktop of a targeted device along with some of the files present in the Downloads directories. However, researchers found that by typing an empty “ClickMe.exe” command, the malware’s process can be killed.
The researchers also noted that the malware came out around two weeks ago, at the same time that Palestinian worshipers boycotted the al-Aqsa mosque compound to protest against the Israeli government’s decision to install metal detectors at the site.
At the moment it is unclear who developed this malware. However, based on the content and the messages in broken languages, it can be assumed that whoever developed it is new to the game.
Those interested in knowing more about the malware can contact the researchers Ari Eitan and Ido Naor on Twitter. Samples are available on VirusTotal, a Google-owned platform that analyzes files and URLs, enabling the identification of viruses, worms, Trojans and other kinds of malicious content detected by antivirus engines and website scanners.
— Ari Eitan (@arieitan) August 2, 2017
Remember, in the past, Hizbullah and Gaza hackers conducted highly sophisticated malware attacks on Israeli citizens and military by using fake apps and images of IDF’s female soldiers. One of the hackers was also caught hacking Israeli drones while another group was found hacking security cameras in the country to keep an eye on government officials.