What is HermeticWiper?
Prevent HermeticWiper malware and other cyberthreats from attacking your business with easy-to-use Malwarebytes EDR.
HermeticWiper explained
HermeticWiper is a new form of destructive malware designed to infiltrate Windows devices and render them inoperable by destroying files, corrupting the Master Boot Record (MBR), and afflicting physical drives belonging to Ukrainian organizations.
HermeticWiper is similar to WhisperGate, a previous wiper-style threat used in cyberattacks targeting Ukraine. HermeticWiper is also being linked to PartyTicket, a decoy ransomware known to be deployed alongside wiper threats.
HermeticWiper vs WhisperGate malware
Wiper malware was reported by ESET following repeated distributed denial-of-service (DDoS) attacks and website defacements directed at Ukraine-based organizations. These threats are multi-staged and include a chain of sophisticated attacks.
Both HermeticWiper and WhisperGate involve two phases:
Phase 1: Corrupting the Master Boot Record (MBR) and partitions.
Phase 2: Deploying a disk-wiper.
HermeticWiper targets Windows devices by manipulating the MBR, causing multiple system boot failures. While sequential boot failures occur, HermeticWiper catalogues FAT and NTFS partitions and corrupts the files on them. In contrast, WhisperGate corrupts and overwrites a system’s MBR with a fake ransom note and encrypts files, focusing on specific file extensions.
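Because both families damage the MBR and partition layout, a defender can validate a saved copy of sector 0 and compare it with a baseline recorded while the machine was healthy. The following is an added example, not code from Malwarebytes, ESET or CISA; the function names are hypothetical and the sample sectors are constructed, not taken from an infected system.

```python
import hashlib
import struct

SECTOR_SIZE = 512
FS_TYPES = {0x01: "FAT12", 0x04: "FAT16", 0x06: "FAT16", 0x0B: "FAT32",
            0x0C: "FAT32", 0x0E: "FAT16", 0x07: "NTFS/exFAT", 0xEE: "GPT protective"}

def parse_mbr(sector):
    """Parse a 512-byte sector-0 image; return (partitions, findings)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        if not any(entry):
            continue  # unused slot
        # Fields: status, type, LBA start, sector count (CHS bytes skipped).
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if ptype == 0 or lba_start == 0 or count == 0:
            findings.append(f"entry {i}: implausible type, start or length")
        partitions.append({"index": i, "type": FS_TYPES.get(ptype, f"0x{ptype:02x}"),
                           "lba_start": lba_start, "sectors": count})
    if not partitions:
        findings.append("no partition entries present")
    return partitions, findings

def check_against_baseline(sector, baseline_sha256):
    """Add a finding when sector 0 no longer matches the hash recorded earlier."""
    partitions, findings = parse_mbr(sector)
    if hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("sector 0 differs from recorded baseline")
    return partitions, findings

def build_sample_mbr():
    """Constructed sample: one active NTFS partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = hashlib.sha256(good).hexdigest()
    print(check_against_baseline(good, baseline))
    print(check_against_baseline(bytes(SECTOR_SIZE), baseline))  # constructed: zeroed sector
```

Store the baseline hash and a copy of sector 0 off the host, alongside your backups, so the comparison still works after a machine fails to boot.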
How can businesses protect against a HermeticWiper attack?
CISA Shields Up provides technical resources for business leaders and covers recommendations for organizations facing recent onslaughts to their security posture.
Recognizing indicators of compromise (IOCs) helps companies monitor suspicious activity and respond to threats attempting to penetrate their security infrastructure. Additionally, CISA provides a table of HermeticWiper IOCs your IT team can refer to.
Although wiper attacks are rare, here are steps to consider when protecting your business against wiper malware:
Update existing malware protection
Traditional malware focuses on staying undetected for extended periods. Unlike its counterpart, wiper-type malware causes obvious disruption to your company’s workflow. To improve the likelihood of detecting a wiper attack, your IT team can schedule, define, and configure anti-malware systems to increase the frequency of signature updates and scan for the latest threats.
Back up data frequently
Most cybercrimes target organizations with the intent to steal data; however, HermeticWiper and other wiper malware focus on data-wiping. Reevaluating and improving your data recovery plan can reduce the magnitude of property impacted by a cyberattack.
Isolate high-priority intellectual property
Wiper malware is designed to destroy valuable content on drives. Remotely accessing data from a segmented network adds a layer of difficulty for malware attackers to breach. When sensitive data and intellectual property are kept isolated on a segmented network, that content needs to be accessed through remote desktop software.