A thread on BleepingComputer describes an outbreak of a new wiper malware. This wiper mimics ransomware behavior, but instead of encrypting the files it fills them with zeros (nulls).
Our SandBlast Agent Anti-Ransomware zero-day prevention detects and remediates this attack without needing an update or signatures.
The files are encrypted in our honeypot
![EncryptedFilesnig1a.png EncryptedFilesnig1a.png](https://community.checkpoint.com/t5/image/serverpage/image-id/2073i990999CCBAFE05A9/image-size/large?v=v2&px=999)
The file is indeed filled with nulls and cannot be decrypted
![EncryptedFileWithNulls.png EncryptedFileWithNulls.png](https://community.checkpoint.com/t5/image/serverpage/image-id/2074iAB81A45F32101D11/image-size/large?v=v2&px=999)
SandBlast Agent Anti-Ransomware detects the ransomware process encrypting the files
![EncryptionDetectedBySBAAntiRansomware.png EncryptionDetectedBySBAAntiRansomware.png](https://community.checkpoint.com/t5/image/serverpage/image-id/2075i73C9FA0EA4D98629/image-size/large?v=v2&px=999)
SandBlast Agent restores the files
![EncryptedFileRestored.png EncryptedFileRestored.png](https://community.checkpoint.com/t5/image/serverpage/image-id/2076i2FDE029E604D77E0/image-size/large?v=v2&px=999)
The infection is based on a PowerShell script. Next I will test this against our File-Less infection prevention and post an update.
Thanks,
Gadi
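
The difference between a null-filled file and an encrypted one, described in the post above, can be checked during triage. The following is an added example, not part of the original post or any Check Point tooling; the function names, the 7.5 bits/byte entropy threshold and the sample files are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

CHUNK = 1 << 20  # read 1 MiB at a time so large files are not loaded whole

def classify_file(path, entropy_threshold=7.5):
    """Return 'empty', 'null-filled', 'high-entropy' or 'other' for one file."""
    counts = Counter()
    total = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            counts.update(chunk)          # counts each byte value 0..255
            total += len(chunk)
    if total == 0:
        return "empty"
    if counts[0] == total:
        return "null-filled"              # overwritten with zeros: nothing to decrypt
    # Shannon entropy in bits per byte; near 8 suggests encrypted or compressed data
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    return "high-entropy" if entropy >= entropy_threshold else "other"

def triage(root):
    """Walk root and map each file path to its classification."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                results[full] = classify_file(full)
            except OSError:
                results[full] = "unreadable"
    return results

def build_sample(root):
    """Constructed sample data: one wiped file, one random file, one text file."""
    samples = {
        "wiped.docx": b"\x00" * 4096,
        "random.bin": os.urandom(65536),
        "notes.txt": b"quarterly report draft\n" * 100,
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, verdict in sorted(triage(tmp).items()):
            print(f"{verdict:12} {os.path.basename(path)}")
```

A "high-entropy" verdict is only a hint, since legitimately compressed formats also score near 8 bits per byte; a "null-filled" verdict means the content is gone and recovery has to come from a backup or snapshot.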