Wiper
Shamoon
First seen: 2012-08 • Status: inactive
Shamoon destroyed 35,000 computers at Saudi Aramco in 2012. It is believed to be an Iranian government weapon.
Overview
Shamoon is a destructive wiper attributed to Iran. It famously wiped 35,000 computers at Saudi Aramco. Variants appeared in 2016 and 2018.
Also Known As
Disttrack, W32.Disttrack
How It Spreads
- Network propagation
- Scheduled execution
What It Does
- Wipes hard drives
- Overwrites MBR
- Timed destruction
Target Platforms
Windows
Detection Tips
- Monitor for MBR overwrite attempts
- Watch for mass file deletion
MITRE ATT&CK Techniques
T1561, T1021
If You're Infected
1. Data destruction is permanent
2. Restore from offline backups