Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Linux Kernel FUSE Vulnerability (CVE-2023-XXXX) Lets Attackers Gain Root Privileges
July 10, 2026
Critical GNU Guix Vulnerabilities Let Attackers Elevate Privileges
July 10, 2026
Critical Windows Shortcut Vulnerability Allows Remote Code Execution
July 10, 2026
Home/Threats/GigaWiper Malware Wipes Windows Systems, Displays Fake Ransomware Notes
Threats

GigaWiper Malware Wipes Windows Systems, Displays Fake Ransomware Notes

Key Takeaways GigaWiper is a sophisticated, multi-functional malware targeting Windows systems. It combines disk wiping, irreversible file encryption (masquerading as ransomware), and system...

Emy Elsamnoudy
Emy Elsamnoudy
July 10, 2026 3 Min Read
6 0

Key Takeaways

  • GigaWiper is a sophisticated, multi-functional malware targeting Windows systems.
  • It combines disk wiping, irreversible file encryption (masquerading as ransomware), and system disruption.
  • First observed in October 2025, GigaWiper is a Golang-based backdoor that offers extensive remote control and data destruction capabilities.
  • The malware’s destructive actions are designed to cause irreversible damage and significant operational outages.
  • Organizations must implement robust detection, isolation, and recovery strategies to mitigate its impact.

A new, highly destructive malware variant, dubbed GigaWiper, has been identified as a significant threat to Windows environments. Unlike typical ransomware that aims for financial gain through data encryption and subsequent decryption for a fee, GigaWiper’s primary objective is to render systems and data unrecoverable, causing severe operational disruptions.

This advanced threat showcases a concerning evolution in destructive malware, integrating multiple attack methodologies into a single, potent package. Its capabilities extend beyond mere data theft or screen locking, allowing it to erase disks and scramble files with no possibility of recovery, leading to abrupt and critical system outages for affected organizations.

Microsoft security researchers first detected environments being wiped by GigaWiper in October 2025, indicating a shift by attackers from initial access to direct, destructive impact. The campaign leverages a backdoor written in Golang, designed for persistent presence, command execution, data collection, and ultimately, the initiation of destructive operations at the attackers’ discretion. This adaptability significantly escalates the risk for Windows networks, as detailed in a comprehensive report on GigaWiper malware attacking Windows systems.

Analysts at Microsoft have characterized GigaWiper as a sophisticated backdoor, meticulously assembled from components of various malware families. As Microsoft said in a report, this modular design grants its operators diverse capabilities, including extensive system control, covert surveillance, and the ability to inflict irreparable damage on demand.

What differentiates GigaWiper from other destructive malware is its comprehensive suite of damaging features. It integrates multiple routines: physical disk wiping, a file encryption function that mimics ransomware but offers no recovery, and a multi-pass Windows drive wiper. This combination allows the implant to support prolonged intrusion activities before initiating a swift and devastating disruptive phase.

GigaWiper Malware Attacking Windows Systems

GigaWiper’s core wiping mechanism targets physical drives, specifically identifying the disk hosting the Windows operating system. It systematically eradicates partition references from other drives, then overwrites raw disk content in large blocks before forcing a system reboot. This method doesn’t merely delete files; it fundamentally corrupts the underlying structures essential for Windows system and data functionality, as detailed in the Microsoft report.

Another deceptive tactic employed by GigaWiper is its file encryption routine. It encrypts files using randomly generated keys that are never stored, then appends a “.candy” extension to the filenames. While this behavior visually resembles ransomware, there is no corresponding ransom note or viable path for data recovery. Victims are led to believe they might have options, only to discover their files are permanently inaccessible.

Beyond data destruction, the backdoor can severely impair a system’s boot capabilities by deleting critical recovery, boot, and kernel files. It also clears Windows event logs, making incident response significantly more challenging and exacerbating the overall impact of an attack. Furthermore, the malware supports a wide array of remote control functions, including screen capture, screen recording, arbitrary command execution, system discovery, and management of services and Registry entries, as noted in the <a href="https://ppl-ai-file-upload.s3.amazonaws.com/web/direct-files/attachments/11146061/96d902a5-12cb-40bb-b518-e5e430fbb1f8/GigaWiper-Malware-Attacking-Windows-Systems-With-Data-Wipers-and-Fake-Ransomware-Notices.pdf?AWSAccessKeyId=ASIA2F3EMEYETA2QKGOD&Signature=9YDDmLq3tNEp8Xap93QeUGkFYrM%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEOn%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIGi%2FMJ0AWN64H3GMXqDEthH%2BII7VUuQkQjLiqd5u70gaAiEA7YR4FslO0gYJQNxX%2BOPzgE%2BIdCjoWkbAmd%2BWHFgi8xcq%2FAQIsv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDAeGSQU1a8irhHDRTSrQBLoAb4qM9%2BqOIN%2FyQljnKfSJ3dp3%2FgK81Q1HbRxG3t%2FUKFMo39xpDtvNL%2BOZ6oZUTb%2BWNTL%2Fh5qpGrteYcRErW%2F20bd03Pyku9Hv8JJWVe8T7Y9ObLCoexVI5zDHeJzC5oevkJ0tRYF3oniMEN%2F7uF8DVLchZmeLzf9DW0k37cu0hYyPm

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackMalwareransomwareSecurityThreat

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

Critical Django SQL Injection Vulnerability Actively Exploited

Next Post

Ransomware Negotiator Jailed for Aiding BlackCat Attacks

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
New Windows Process Injection Technique Evades 4 EDR Solutions
July 10, 2026
Xalgorix AI Tool Vulnerability Exposes Sensitive Data
July 10, 2026
Odyssey Stealer Targets macOS Users and 300 Crypto Wallet Extensions Globally
July 10, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us