HermeticWiper is an extremely destructive malware threat, designed specifically to render breached computers inoperable. The threat was leveraged against numerous organizations in Ukraine and is likely connected to the Russian invasion of the country. According to the conclusions of several cybersecurity vendors, hundreds of machines belonging to organizations from different industry sectors (financial, aviation, defense, and IT services) have already been compromised. The total number of affected computers is likely much higher.
Functionality and Attack Details
HermeticWiper is capable of corrupting the Master Boot Record (MBR) of Windows PCs, a crucial component responsible for the correct loading of the OS. By wiping it, the malware leaves the entire system unable to boot. According to the security firm SentinelOne, the technique utilized by the threat involves leveraging the legitimate drivers of the free EaseUS Partition Master application and results in the corruption of the system's hard drives. As for the threat itself, it appears to be signed with a digital certificate belonging to a company named 'Hermetica Digital Ltd.', located in Cyprus.
The HermeticWiper attack seems to have been planned well in advance, with the cybercriminals compromising some of the targeted systems months earlier. On some systems, the attackers also deployed ransomware threats alongside HermeticWiper, but this move is most likely a diversion attempt to mask their true intentions.