A thread on bleeping computer describes an outburst of a new Wiper Malware. This wiper mimics Ransomware behavior but instead of encrypting the files it fills them with zeros (Nulls).
Our SandBlast Agent Anti-Ransomware zero day prevention detects and remidiate this attack without a need to update or signature usage.
The files are encrypted in our honeypot
File is indeed filled with Nulls and not possible to decrypt
SandBlast Agent Anti-Ransomware detects the ransomware process encrypting the files
SandBlast Agent restores the files
The infection is based on powershell script, I will move next to test this versus our File-Less infection prevention and update.
Thanks,
Gadi
