A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its “weak architecture and programming.”
Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository. The source code and its forks have since been taken down.
Written in Python, the malware employs the Fernet module of the cryptography package to encrypt files with a “.cryptn8” extension.
But a new sample analysed by Fortinet FortiGuard Labs has been found to lock files with no option to decrypt them back, essentially acting as a destructive data wiper.
images from Hacker News