Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

The Anatomy of Wiper Malware, Part 2: Third-Party Drivers

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
Microsoft
Word Count
2,911
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

CrowdStrike's blog post delves into the intricacies of wiper malware, specifically focusing on how threat actors exploit legitimate third-party kernel drivers to execute malicious activities. These drivers, such as ElRawDisk and EPMNTDRV, enable wipers to operate covertly by bypassing security mechanisms and gaining unrestricted access to disk operations. This method allows malware to destabilize operating systems by wiping raw disk sectors, though it paradoxically offers a slight advantage to victims since system crashes may halt the wiping process, potentially enabling some data recovery. The article highlights several wiper families, including Shamoon, Destover, and ZeroCleare, which utilize these drivers to achieve their destructive objectives. CrowdStrike's Falcon platform is presented as a robust defense, providing continuous monitoring and visibility to counteract such threats effectively.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
AI Agents 1 2,394 1,321 1 -
Zero Trust 1 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.