GigaWiper, a New Windows Backdoor, Combines Data-Wiping and Ransomware Capabilities

Views: 85 views

379/69 Monday, July 13, 2026

Microsoft security researchers have reported the discovery of a new Windows backdoor malware family called GigaWiper, developed in Golang. The developers combined code from at least three malware families into a modular tool with multiple capabilities. The malware not only functions as a backdoor that allows attackers to covertly control compromised systems, but also includes ransomware-like data encryption capabilities that prevent victims from decrypting their files, as well as permanent data destruction features. This reflects the evolution of malicious software that combines data destruction objectives with tactical functions in a single program.

Preliminary analysis found that GigaWiper appears in two main executable forms. The first functions as a data-wiping tool that targets physical storage areas by overwriting data and deleting partition structures before immediately forcing the system to restart through Windows functions. The second form is more complex, operating as a backdoor that can persist on the system and establish communication channels with command-and-control servers through RabbitMQ and Redis protocols. This malware can receive and process multiple levels of commands, such as continuously capturing the victim’s screen, performing deep system management, and executing special command scripts, allowing attackers to rapidly escalate the damage.

To prevent and reduce the risk posed by destructive malware of this type, users and network administrators should regularly back up critical data and store backups offline. They should also strengthen monitoring for abnormal network connections, especially traffic related to message queue protocols used by the malware for communication. In addition, administrator account privileges should be restricted to prevent unwanted programs from accessing or modifying partition-level data structures on storage devices.

Source: https://www.theregister.com/security/2026/07/10/destructive-windows-backdoor-stuffs-multiple-wipers-and-ransomware-code-into-a-single-package/5270053