This ransomware is actually a wiper. If we're being blunt, it's hardly a wiper at all. This incomplete malware encrypts files with a '.dnWipe_RUS' file extension after encoding it with Base64 and only executes on Tuesdays. Although no official decryptor is available, a script can be written to revert file changes made by this wiper. The code base is identical to RU_Ransom and was discovered simultaneously. The only reason we have this as a variant of RU_Ransom, instead of the opposite is that some samples of RU_Ransom were discovered a few days before dnWipe, and most of the compilation time stamps are altered. Basically, it's difficult to discern which one came first. We know that RU_Ransom is complete and functions fully. What's important to remember is that the same person likely wrote these, and both had the same purpose - to destroy Russian-based systems in retaliation for the invasion of Ukraine.