Adversaries may wipe or corrupt raw disk data on specific systems or in large numbers in a network to interrupt availability to system and network resources. With direct write access to a disk, adversaries may attempt to overwrite portions of disk data. Adversaries may opt to wipe arbitrary portions of disk data and/or wipe disk structures like the master boot record (MBR). A complete wipe of all disk sectors may be attempted.
To maximize impact on the target organization in operations where network-wide availability interruption is the goal, malware used for wiping disks may have worm-like features to propagate across a network by leveraging additional techniques like Valid Accounts, OS Credential Dumping, and SMB/Windows Admin Shares.(Citation: Novetta Blockbuster Destructive Malware)
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| actifio_go | Actifio Go | technique_scores | T1561 | Disk Wipe |
Comments
Actifio is a copy data management plaform that virtualizes application data to improve an organizations resiliency and cloud mobility. Actifio allows an organization to take regular backups and provides several methods of restoring applications and/or VM data to a previous state. This provide significant capability to respond to a Disk Wipe since an organization could restore wiped data back to the latest backup.
References
|