GigaWiper Malware Wipes Windows Systems, Displays Fake Ransomware Notes
Key Takeaways GigaWiper is a sophisticated, multi-functional malware targeting Windows systems. It combines disk wiping, irreversible file encryption (masquerading as ransomware), and system...
Key Takeaways
- GigaWiper is a sophisticated, multi-functional malware targeting Windows systems.
- It combines disk wiping, irreversible file encryption (masquerading as ransomware), and system disruption.
- First observed in October 2025, GigaWiper is a Golang-based backdoor that offers extensive remote control and data destruction capabilities.
- The malware’s destructive actions are designed to cause irreversible damage and significant operational outages.
- Organizations must implement robust detection, isolation, and recovery strategies to mitigate its impact.
A new, highly destructive malware variant, dubbed GigaWiper, has been identified as a significant threat to Windows environments. Unlike typical ransomware that aims for financial gain through data encryption and subsequent decryption for a fee, GigaWiper’s primary objective is to render systems and data unrecoverable, causing severe operational disruptions.
This advanced threat showcases a concerning evolution in destructive malware, integrating multiple attack methodologies into a single, potent package. Its capabilities extend beyond mere data theft or screen locking, allowing it to erase disks and scramble files with no possibility of recovery, leading to abrupt and critical system outages for affected organizations.
Microsoft security researchers first detected environments being wiped by GigaWiper in October 2025, indicating a shift by attackers from initial access to direct, destructive impact. The campaign leverages a backdoor written in Golang, designed for persistent presence, command execution, data collection, and ultimately, the initiation of destructive operations at the attackers’ discretion. This adaptability significantly escalates the risk for Windows networks, as detailed in a comprehensive report on GigaWiper malware attacking Windows systems.
Analysts at Microsoft have characterized GigaWiper as a sophisticated backdoor, meticulously assembled from components of various malware families. As Microsoft said in a report, this modular design grants its operators diverse capabilities, including extensive system control, covert surveillance, and the ability to inflict irreparable damage on demand.
What differentiates GigaWiper from other destructive malware is its comprehensive suite of damaging features. It integrates multiple routines: physical disk wiping, a file encryption function that mimics ransomware but offers no recovery, and a multi-pass Windows drive wiper. This combination allows the implant to support prolonged intrusion activities before initiating a swift and devastating disruptive phase.
GigaWiper Malware Attacking Windows Systems
GigaWiper’s core wiping mechanism targets physical drives, specifically identifying the disk hosting the Windows operating system. It systematically eradicates partition references from other drives, then overwrites raw disk content in large blocks before forcing a system reboot. This method doesn’t merely delete files; it fundamentally corrupts the underlying structures essential for Windows system and data functionality, as detailed in the Microsoft report.
Another deceptive tactic employed by GigaWiper is its file encryption routine. It encrypts files using randomly generated keys that are never stored, then appends a “.candy” extension to the filenames. While this behavior visually resembles ransomware, there is no corresponding ransom note or viable path for data recovery. Victims are led to believe they might have options, only to discover their files are permanently inaccessible.
Beyond data destruction, the backdoor can severely impair a system’s boot capabilities by deleting critical recovery, boot, and kernel files. It also clears Windows event logs, making incident response significantly more challenging and exacerbating the overall impact of an attack. Furthermore, the malware supports a wide array of remote control functions, including screen capture, screen recording, arbitrary command execution, system discovery, and management of services and Registry entries, as noted in the <a href="https://ppl-ai-file-upload.s3.amazonaws.com/web/direct-files/attachments/11146061/96d902a5-12cb-40bb-b518-e5e430fbb1f8/GigaWiper-Malware-Attacking-Windows-Systems-With-Data-Wipers-and-Fake-Ransomware-Notices.pdf?AWSAccessKeyId=ASIA2F3EMEYETA2QKGOD&Signature=9YDDmLq3tNEp8Xap93QeUGkFYrM%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEOn%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIGi%2FMJ0AWN64H3GMXqDEthH%2BII7VUuQkQjLiqd5u70gaAiEA7YR4FslO0gYJQNxX%2BOPzgE%2BIdCjoWkbAmd%2BWHFgi8xcq%2FAQIsv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDAeGSQU1a8irhHDRTSrQBLoAb4qM9%2BqOIN%2FyQljnKfSJ3dp3%2FgK81Q1HbRxG3t%2FUKFMo39xpDtvNL%2BOZ6oZUTb%2BWNTL%2Fh5qpGrteYcRErW%2F20bd03Pyku9Hv8JJWVe8T7Y9ObLCoexVI5zDHeJzC5oevkJ0tRYF3oniMEN%2F7uF8DVLchZmeLzf9DW0k37cu0hYyPm
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.