Russian Hackers Employ Legacy Windows Exploits for Cyberattacks

Once inside the compromised systems, the hackers deployed malicious software called “RoarBat,” which wipes the data from the affected drives. The malware systematically searches for files with various extensions, including .doc, .txt, .jpg, and .xlsx, and uses WinRAR to archive these files while simultaneously deleting them. The malware then erases the archive itself, effectively eliminating all the data on the disk in one go.

In addition to targeting Windows devices, the threat actors have also turned their attention to Linux devices. For Linux, they employ a Bash script and the “dd” utility to overwrite targeted files with zero bytes, making data recovery highly unlikely, if not impossible.
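
A defender-side sketch of how the two wiping behaviours described above could be flagged in process-creation logs. It is an added example, not code from the original article or from any vendor. The log records are constructed, the function names and the threshold are assumptions, and `-df`, `-dw` and `m` are RAR's documented options for removing source files after archiving, which the article itself does not name.

```python
import shlex
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed (host, command line) process-creation records; not real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", r'"C:\Program Files\WinRAR\WinRAR.exe" a -df -r C:\Temp\out.rar D:\*.xlsx'),
    ("ws-02", r'"C:\Program Files\WinRAR\Rar.exe" a backup.rar C:\Reports\q1.docx'),
    ("lx-01", "dd if=/dev/zero of=/srv/share/plan.doc bs=1M count=4"),
    ("lx-01", "dd if=/dev/zero of=/srv/share/photo.jpg bs=1M count=9"),
    ("lx-01", "/usr/bin/dd if=/dev/zero of=/srv/share/notes.txt bs=1M count=1"),
    ("lx-02", "dd if=/dev/zero of=/swapfile bs=1M count=2048"),  # routine swap setup
]

RAR_BINARIES = {"winrar.exe", "rar.exe", "rar"}
RAR_DELETE_SWITCHES = {"-df", "-dw"}  # delete / wipe source files after archiving

def split_cmdline(cmdline):
    # posix=False leaves Windows backslashes alone; an empty line yields [""].
    return [tok.strip('"') for tok in shlex.split(cmdline, posix=False)] or [""]

def rar_deletes_sources(tokens):
    """True when rar/WinRAR removes the originals: 'm'/'mf', or 'a' with -df/-dw."""
    exe, args = PureWindowsPath(tokens[0]).name.lower(), [t.lower() for t in tokens[1:]]
    if exe not in RAR_BINARIES or not args:
        return False
    return args[0] in ("m", "mf") or (args[0] == "a" and bool(RAR_DELETE_SWITCHES & set(args)))

def dd_zero_target(tokens):
    """Return the of= path when dd copies /dev/zero over a non-device file, else None."""
    opts = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
    is_dd = PureWindowsPath(tokens[0]).name.lower() == "dd"
    target = opts.get("of", "")
    zeroes_file = opts.get("if") == "/dev/zero" and not target.startswith("/dev/")
    return target if (is_dd and target and zeroes_file) else None

def scan(events, dd_threshold=3):
    """Map host -> sorted finding names; dd needs dd_threshold distinct targets on a host."""
    findings, dd_targets = defaultdict(set), defaultdict(set)
    for host, cmdline in events:
        tokens = split_cmdline(cmdline)
        if rar_deletes_sources(tokens):
            findings[host].add("rar-delete-after-archive")
        if (target := dd_zero_target(tokens)):
            dd_targets[host].add(target)
    for host, targets in dd_targets.items():
        if len(targets) >= dd_threshold:
            findings[host].add("dd-zero-overwrite-burst")
    return {host: sorted(names) for host, names in findings.items()}
```

The per-host threshold on `dd` keeps a single zero-fill, such as creating a swap file, from alerting, while a run of zero-overwrites across many documents does.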