New GigaWiper Virus Can Completely Destroy Computers, Microsoft Warns
Translated from English, summarized and contextualized by DistantNews.
At a glance
- Microsoft Threat Intelligence specialists detected a new, multifunctional malware called GigaWiper in October 2025.
- GigaWiper can destroy a computer by deleting hard drive data, encrypting files with unrecoverable keys, and hiding its activity.
- The virus primarily targets organizations and large companies, with experts recommending regular updates, backups, and cyberattack detection tools.
A new, highly destructive malware named GigaWiper has emerged, capable of completely destroying a computer's hard drive and rendering files irrecoverable. Microsoft Threat Intelligence specialists first detected activity linked to the virus in October 2025, but only recently disclosed its capabilities.
GigaWiper is not an ordinary virus, but multifunctional malware.
GigaWiper is not a typical virus but a multifunctional piece of malware. It can directly access and repeatedly overwrite data on a hard drive, making file restoration nearly impossible. The virus also possesses capabilities such as taking screenshots, recording screen activity, remote computer control, system information collection, Windows registry modification, and deleting event logs to hide its tracks.
After that, the computer restarts, and restoring files using standard methods becomes almost impossible.
Further complicating recovery, GigaWiper can encrypt files, appending them with the .candy extension. Unlike standard ransomware, the encryption keys are randomly generated and not stored, meaning the data cannot be restored. To maintain persistence, the malware creates a disguised task in Windows Task Scheduler called "OneDrive Update." It also uses RabbitMQ and Redis services for communication with attacker servers, making its network activity difficult to detect within corporate networks.
To establish persistence in the system, the malware creates a task in Windows Task Scheduler called OneDrive Update, disguising itself as a regular update.
Microsoft notes that GigaWiper combines components from previously known malware, including the Crucio ransomware and FlockWiper wiper virus. Currently, the virus is primarily used in targeted attacks against organizations and large companies, with no signs of widespread distribution among home Windows users. Experts advise regular software updates, avoiding suspicious attachments, and maintaining data backups. Companies are also urged to implement modern cyberattack detection tools and monitor for unusual network connections and tasks in Windows Task Scheduler.
GigaWiper is currently used mainly in targeted attacks against organizations and large companies.
Originally published by Tengrinews in English. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.