RURansom Wiper

The emergence of the RURansom wiper on March 1, 2022, represents one of the first uses of a wiper by pro-Ukrainian hacktivists, and may portend a new phase in the ongoing cyber campaign against Russia. Despite the name, RURansom functions as a wiper, and offers victims no opportunity to pay to have their systems decrypted. The malware appears to check victim’s systems for a Russian IP address, and if it doesn’t find one, the malware halts execution. The malware creators also appear to be actively releasing new versions of the wiper, and it may only grow more potent over time.