Most people shudder at the thought that some of their files (photos, certificates, invoices, drafts, projects…) might go missing. So the fact that there is malware out there that can wipe a computer clean is a real cause for concern.
Data Wiping Malware
Dustman is a data-wiping malware program attributed to Iranian state-linked actors. It was first used in late December 2019 against Bapco, Bahrain's national oil company. The Bahrainis were able to detect and stop the malware, but not before it had done significant damage to part of their environment. The file-name indicators associated with Dustman are dustman.exe (the dropper), agent.exe (the loader), elrawdsk.sys (the EldoS RawDisk driver) and assistant.sys.
Dustman is an evolved version of ZeroCleare; the two share sizeable chunks of code. Unlike ZeroCleare, Dustman is packaged to deliver all of its drivers and the payload in a single executable file. Another difference is in how the disk is destroyed: Dustman simply overwrites the volume, while ZeroCleare overwrites it with garbage data.
The main component the two strains share is a legitimate piece of software, EldoS RawDisk, a toolkit for raw access to files, disks and partitions. Because RawDisk is legitimate and signed, the destructive write itself does not need an exploit; the two strains differ instead in how they deliver and load that driver and in how they reach their targets.
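Since the names above are the only public indicators the page gives, the natural first step for a defender is to hunt for them in process-creation and driver-load telemetry. The following is an added example, not code from the original page or from any vendor: it parses a handful of constructed, Sysmon-style events (the pipe-separated key=value format, the paths and the signer strings are all invented for illustration) and flags processes whose image name matches a Dustman indicator, drivers whose name matches one of the two driver indicators, and, as a weaker signal, any kernel driver loaded from a user-writable directory, which is how a single-file dropper typically stages its drivers.

```python
"""Hunt for Dustman/ZeroCleare indicators in constructed Sysmon-style events.

Added example; the log format, paths and signer strings below are constructed
samples, not real telemetry from the Bapco incident.
"""
import ntpath
from dataclasses import dataclass
from typing import Iterable, List

# File-name indicators reported for Dustman: dropper, loader and the two drivers.
INDICATOR_FILES = {"dustman.exe", "agent.exe", "elrawdsk.sys", "assistant.sys"}
# Kernel driver names that have no business on a normal workstation.
INDICATOR_DRIVERS = {"elrawdsk.sys", "assistant.sys"}
# Directories a legitimate kernel driver is rarely loaded from (lower-cased).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\windows\\temp\\", "c:\\programdata\\")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" for a direct indicator match, "medium" for a weak signal
    event_id: int   # 1 = process creation, 6 = driver load (Sysmon numbering)
    path: str
    reason: str


def parse_event(line: str) -> dict:
    """Parse one 'Key=Value|Key=Value' line into a dict (constructed format)."""
    fields = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def basename(path: str) -> str:
    # ntpath handles backslash paths correctly even when run on Linux/macOS.
    return ntpath.basename(path).lower()


def analyse_event(line: str) -> List[Finding]:
    """Return the findings (possibly none) for a single event line."""
    ev = parse_event(line)
    try:
        event_id = int(ev.get("EventID", "0"))
    except ValueError:
        return []
    findings: List[Finding] = []
    if event_id == 1:
        image = ev.get("Image", "")
        if basename(image) in INDICATOR_FILES:
            findings.append(Finding("high", 1, image, "process name matches Dustman indicator"))
    elif event_id == 6:
        driver = ev.get("ImageLoaded", "")
        if basename(driver) in INDICATOR_DRIVERS:
            findings.append(Finding("high", 6, driver, "driver name matches Dustman indicator"))
        elif driver.lower().startswith(USER_WRITABLE_PREFIXES):
            findings.append(Finding("medium", 6, driver, "kernel driver loaded from user-writable path"))
    return findings


def hunt(lines: Iterable[str]) -> List[Finding]:
    """Run analyse_event over a stream of event lines."""
    out: List[Finding] = []
    for line in lines:
        out.extend(analyse_event(line))
    return out


def scan_inventory(paths: Iterable[str]) -> List[str]:
    """Match a plain file listing (e.g. from a disk inventory) against the indicators."""
    return [p for p in paths if basename(p) in INDICATOR_FILES]


# Constructed sample events: two benign, four indicator hits, one weak signal.
SAMPLE_EVENTS = [
    "EventID=1|Image=C:\\Windows\\System32\\svchost.exe|User=NT AUTHORITY\\SYSTEM",
    "EventID=1|Image=C:\\Users\\ops\\Downloads\\dustman.exe|User=CORP\\ops",
    "EventID=1|Image=C:\\Windows\\Temp\\agent.exe|User=CORP\\ops",
    "EventID=6|ImageLoaded=C:\\Windows\\Temp\\assistant.sys|SignatureStatus=Valid",
    "EventID=6|ImageLoaded=C:\\Windows\\Temp\\elrawdsk.sys|SignatureStatus=Valid",
    "EventID=6|ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys|SignatureStatus=Valid",
    "EventID=6|ImageLoaded=C:\\ProgramData\\vendor\\helper.sys|SignatureStatus=Unavailable",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.severity}] EID {f.event_id}: {f.path} ({f.reason})")
```

Name matching is deliberately the weakest part of this: an attacker can rename the dropper, which is why the driver-from-user-writable-path rule is there as a second, name-independent signal. In a real deployment you would feed the same logic from your SIEM's process and driver-load events rather than from the constructed list.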
So far, the main targets of Dustman have been oil companies in the Middle East. Security analysts read these attacks as a way for Iranian state-linked actors to disrupt the operations of regional rivals and pursue other strategic goals against them.
It is not the first time that Iranian actors have deployed data-wiping malware against adversaries in the region. The first such incident happened in 2012, when a wiper called Shamoon (also known as Disttrack) destroyed data on more than 30,000 computers belonging to the Saudi Aramco oil company. In subsequent years, improved versions of Shamoon (Shamoon v2 and Shamoon v3) were also released.
Dustman Security Best Practices
What can you do to protect yourself against the Dustman data-wiping malware? First of all, a state-backed wiper of this kind is unlikely to be aimed at the average computer user, but that does not mean you should be complacent about device security. Here are a few things you can start with:
· Scan your computer with an anti-malware software as often as you can
Many malware families stay hidden by disabling or evading anti-malware protection, so you might never know about a festering infection unless you make the effort to scan your computer with a capable anti-malware product, such as Outbyte Anti-Malware. A good product will also warn you if its own real-time protection has been switched off, which is itself a sign worth investigating.
· Verify the authenticity of the emails that you receive
Should a strange email land in your inbox, take the time to verify its authenticity before opening attachments or following links. Most malware is spread through phishing campaigns, and it is likely that Dustman reaches its victims the same way.
· Store your documents in the cloud
You don't have to use the cloud all the time, but always keep a copy of your most important files in a backup somewhere else. That way, even if the originals are destroyed, you can recover quickly. One caveat that matters specifically for wipers: a drive that is permanently mapped or synced to the infected machine can be wiped right along with it, so keep at least one copy that is offline or versioned, so that a destroyed file can be rolled back to an earlier version.
· Clean your computer often
Cleaning your computer with a PC repair tool removes apps you are no longer using and deletes junk files. Removing unused software matters for security because every installed program is a potential vulnerability that malware can exploit to get onto your system; what remains should be kept up to date.
If you work in an office where several people share computing resources, it is important to agree on a common cybersecurity strategy. The strategy should cover things like how to handle portable media, internet downloads, anti-malware software, backups, administrator rights and so on. When everyone is on the same page, it is easier to mitigate risks.
· Buy legitimate software
Pirate sites such as The Pirate Bay may be a tempting source of free software, but they pose serious cybersecurity risks, since malware is often bundled with cracked or repackaged downloads. To be on the safe side, buy your software from a trusted vendor or download it directly from the developer.
· Avoid unsecured sites
Lastly, avoid untrusted sites, especially those served over plain HTTP or with an invalid certificate, as such sites are often laden with malware. Clicking links or adverts on them is a very risky affair.