Destructive malware has been on the rise for some years. Shamoon, WannaCry, NotPetya, Mirai, Olympic Destroyer and many others have all made headlines in the media. By attacking corporate networks and destroying sensitive data, they cause damage to companies that can be very hard to fix or to solve. When such attacks occur in critical infrastructure, the damage can be far worse and can impact an entire population, as we saw with the malware Crash Override that took down Ukrainian power grids.
Some malware is created specifically for destruction, some masquerades as ransomware, and some is designed for DDoS attacks. Malicious actors can also use destructive malware for protest or for terrorism, without financial motivation.
With the rise of malware that can take down a whole company, it becomes urgent to understand the threat and make the right decisions to protect our data.
How does such malware work? What are the differences between them? What are the real goals of such threats?
In this talk, we will discuss malware that encrypts, erases or destroys data and that was created specifically for sabotage and destruction. Through a deep-dive analysis, we will show what goes on behind the scenes of destructive malware and propose a classification. We will also share our experience of dealing with such malware in the field. Finally, we will take a gamble at predicting the future of this threat as well as the trends.