Mayors' offices and courts in Russia are under attack by never-before-seen malware that poses as ransomware but is actually a wiper that permanently destroys data on an infected system, according to security company Kaspersky and the Izvestia news service.Additional details, including how many organizations have been hit and whether the malware successfully wiped data, weren’t immediately known.Four years later, a new variant of Shamoon returned and struck multiple organizations in Saudi Arabia.“After examining a sample of malware, we found out that this Trojan, although it masquerades as a ransomware and extorts money from the victim for ‘decrypting’ data, does not actually encrypt, but purposefully destroys data in the affected system,” Kaspersky’s report stated.“Moreover, an analysis of the Trojan's program code showed that this was not a developer's mistake, but his original intention.”CryWiper bears some resemblance to IsaacWiper, which targeted organizations in Ukraine."