IsraByte Malware Destroys Files for Political Reasons

Cybercriminals have been targeting specific communities in recent days. Polski ransomware has mainly targeted Polish users. NotPetya targeted Ukrainians. IsraByte is a new tool designed to make life difficult for Israelis. It is a data wiper disguised as ransomware, making it a highly potent threat. Security researchers came across this malware not too long ago, and it appears a dedicated distribution campaign is underway.

IsraByte is a Serious Threat

No one should take IsraByte lightly right now, as it could prove to be a major problem for any infected user. The malware is designed to steal and wipe data from infected systems, even though it disguises itself as a new ransomware strain. It appears that IsraByte has been around since last month but only recently gained attention. This malware will cause a lot of problems in the future; that much is evident.

New types of malware are never released without a well-thought-out plan. In the case of IsraByte, the distribution of this malware comes at a time when Israel has suffered from the umpteenth major political incident caused by the country’s officials. Israeli officials installed new security measures at the Al-Aqsa mosque in Jerusalem, which was widely considered a major intrusion at a major Islamic holy site. Indeed, security cameras at one of the world’s most famous mosques sound like something designed to stir up the community.

This does seem to indicate that Palestinian developers are behind the IsraByte malware, although that has not been officially confirmed. Considering that it is a data wiper toolkit, its consequences could be quite significant. IsraByte is a modular type of malware, meaning it can take on many different functions. In fact, the functionality of this data wiper is presently spread across five different executables.

Once the IsraByte executable is launched, it will start slowly deleting files on the infected system. It will also get rid of any information stored on attached drives, including USB and Internet-connected shares. Indeed, no data is safe. All of the files will have their contents replaced by a random string which includes “Fuck Israel” and the threat that files will “never be recovered until Israel disappears.” It is a disturbing concept that clearly gets the message across.

And that is why IsraByte is not your average ransomware strain. No files are encrypted, but they are utterly destroyed and rendered useless. After all files on the computer and drives are destroyed completely, four new executables will be launched. Every executable has its own purpose, including changing the desktop wallpaper and copying the IsraByte executable to the root of other drives in order to spread the malware. This malware has a lot of potential in the long run, although it will continue to target Israelis first and foremost.

The final executable will display a ransomware screen. However, there are no payment instructions provided. Rather, the criminals simply inform victims that they can only recover files once Palestine has been recovered and security cameras at the Al-Aqsa mosque are removed. It is doubtful that will happen anytime soon, and thus the malware will not succeed at achieving its goal. This is a worrisome trend regardless, as data wipers are a very real threat nowadays.
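For responders scoping the damage from a wiper like the one described above, the following Python triage script is an added example, not code from the original article or from any vendor. It assumes the quoted phrases appear verbatim (ASCII, any letter case) within the first 4 KiB of an overwritten file; the header check for common file types generalizes beyond the article, and the names `MARKERS`, `MAGIC`, `classify` and `scan` are illustrative.

```python
import os
import sys

# Phrases the article quotes from overwritten files. Assumption: they appear
# verbatim as ASCII (any letter case) near the start of the wiped content.
MARKERS = (b"fuck israel", b"never be recovered until israel disappears")

# Expected leading bytes for a few common formats. This check is a
# generalization beyond the article: a wiped file loses its real header.
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK",
    ".docx": b"PK",
}

def classify(path, head_size=4096):
    """Return 'marker', 'bad-header' or None for a single file."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(head_size)
    except OSError:
        return None  # locked or unreadable: skip instead of aborting the scan
    lowered = head.lower()
    if any(marker in lowered for marker in MARKERS):
        return "marker"
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    # Empty files are ignored; only a non-empty file with the wrong header counts.
    if magic and head and not head.startswith(magic):
        return "bad-header"
    return None

def scan(root):
    """Walk root and return {path: verdict} for every suspicious file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict:
                hits[full] = verdict
    return hits

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in sorted(scan(target).items()):
        print(f"{verdict}\t{path}")
```

Run it against a read-only mount or forensic image of the affected drive so the scan does not alter timestamps on the evidence.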