DEADWOOD Wiper take place of the Apostle Wiper
, which has many logical flaws and it did not work as expected by the attackers named as Agrius. Agrius also utilized DEADWOOD (aka Detbosit), a wiper. It is written in C++ using the Boost libraries. The wiper can be executed in two modes: as a Service and as a Windows Application. When executed DEADWOOD will attempt to overwrite files using random data which unlike ransomware is not recoverable and there is a total loss of data.
DEADWOOD Wiper Signatures
DEADWOOD Wiper Download