Kaspersky Blog – 12.2.22
Our experts have discovered an attack of a new Trojan, which they’ve dubbed CryWiper. At the first glance, this malware looks like ransomware: it modifies files, adds an additional extension to them, and saves a README.txt file with a ransom note, which contains the bitcoin wallet address, the contact e-mail address of the malware creators, and the infection ID. However, in fact, this malware is a wiper: a file modified by CryWiper cannot be restored to its original state — ever. So if you see a ransom note and your files have a new .CRY extension, don’t hurry to pay the ransom: it is pointless.
Source: CryWiper: false ransomware