HermeticWiper
HermeticWiper Definition
HermeticWiper is a type of disk-wiping malware designed to penetrate Windows devices and shut them down by destroying files, corrupting the master boot record (MBR), and distressing physical drives. It was first observed by the intelligence community in Ukraine on February 23, 2022, when they noticed a new malware sample appearing in Ukrainian organizations.
Experts have also compared HermeticWiper to WhisperGate, another wiper-style malware. They have linked it to PartyTicket, which is a decoy ransomware that is usually deployed with wiper threats.
The HermeticWiper malware got its name based on the digital certificate that was used to sign it. Namely, the digital certificate was issued by a company named “Hermetica Digital Ltd.” At the time of discovery, experts could not find legitimate documents signed with this certificate, leading them to believe that the attackers either used a shell company or a defunct business to issue the digital certificate.
See also: anti-malware, security certificate
How HermeticWiper Works
- Phase one: Corruption of the master boot record and partitions.
- Phase two: Launch of a disk wiper.
Protecting against HermaticWiper attacks
- Use only the latest malware protection and update it as soon as a new patch is available.
- Schedule more frequent threat scans.
- Back up your data frequently to reduce the damage in case a HermeticWiper attack does happen.
- Keep sensitive data and intellectual property in a remote location so that a HermeticWiper attack does not affect it.