ONI ransomware attacks targeting organizations in Japan are also dropping wiper malware which is being used to delete logs and cover the attackers tracks. Researchers at Cybereason this week said they had detected targeted attacks against Japanese enterprises leaving behind ONI which was used as part of an operation to encrypt hundreds of machines inside these organizations. The attackers are gaining a foothold via spear-phishing emails spreading malicious Office documents that drop a remote access Trojan called Ammyy Admin. A new bootkit was also found during these attacks called MBR-ONI used by the same attackers.
Source: https://threatpost.com/devilish-oni-attacks-in-japan-use-wiper-to-cover-tracks/128733/