Destructive HermeticWiper Malware Targets Ukrainian Entities

russia ukraine cyber attack hermeticwiper

The Russian cyber division have unleashed a flurry of attacks or Ukrainian systems and network infrastructure. The ongoing military conflict is fought both in the real world, and on the Internet. One of the new malware families used in the ongoing attacks is the HermeticWiper. It has already been deployed on hundreds of critical Ukrainian systems and, as the name suggests, it has managed to wipe out tons of devices. By deleting files, the HermeticWiper does not just ensure data loss – it also renders many of the devices impossible to use since the operating system gets corrupted.

The HermeticWiper has been used against Ukraine exclusively, and the attacks appear to be focused on entities and companies operating in various sectors – finance, IT service, aviation, and defense. It is important to add that the criminals performing these attacks are unlikely to have just discovered zero-day vulnerabilities to use. Cybersecurity experts believe that they may have had access to the infected systems months in advance, but they were waiting for the write time to execute the attack.

The HermeticWiper does not just harm files, but it also corrupts the system's Master Boot Record (MBR.) Unlikely ransomware threats that extort their victims for money, wipers do not offer a recovery option – their sole purpose is to inflict as much damage as possible. While the HermeticWiper is unlikely to go after regular users, there are plenty of other malware families that may do that. To stay safe from such attacks, we recommend using a reputable anti-malware service at all times. Also, make sure to apply all updates and patches to the operating system and software you use.

February 25, 2022