Iranian computers are being targeted by malware that wipes entire disk partitions clean, according to an advisory issued by that country’s Computer Emergency Response Team Coordination Center.
Dubbed Batchwiper, the malware systematically wipes any drive partitions starting with the letters D through I, along with any files stored on the Windows desktop of the user who is logged in when it’s executed, according to security researchers who independently confirmed the findings
For some reason I can’t find any sympathy for the targeted users.
“Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognized by antivirus,” the Iranian CERT advisory, which was published on Sunday, stated.
They must have found it by doing a search of all files after at least one machine was wiped. The poor IT guy I do sympathize with.
One reason I have explorer set to show hidden files and file extensions.
Via Israel Matzav