
New Malware Strains WhisperGate and HermeticWiper Destroy Ukrainian Organizations Far and Wide


Cybersecurity specialists have identified two recent malware strains designed to disrupt the daily operations of many targeted organizations across Ukraine. The parasites in question – WhisperGate and HermeticWiper – hit the radar on Jan. 15 and Feb. 23, respectively. Both strains deploy destructive algorithms to bring their Ukraine-based targets to their knees.

Cyberattacks that have spawned from the invasion of Ukraine by Russia may severely disrupt the daily operations of many organizations and facilities on every level. To achieve that goal, WhisperGate applies a two-pronged approach. The first payload executable tampers with the master boot record settings of the targeted device. Then, a second executable plants what seems like a genuine ransomware virus on the affected machine. While that second payload encrypts certain file types and displays a ransom note, its primary aim is to wipe all the data it has encrypted, with no chance of recovery. Therefore, even if you fall for the fake note and pay the required ransom, you won't get your data back.

HermeticWiper, on the other hand, is primarily focused on infecting Windows-based machines to trigger an endless array of master boot failures. Like WhisperGate, HermeticWiper comes under the guise of fake ransomware that has no intention of restoring the encrypted files. If the targeted device is linked to a network, HermeticWiper may spread across many other network-connected devices and cripple them just as effectively.
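Both strains, as described above, damage the master boot record, so a defender can compare a disk's first sector against a baseline captured while the machine was known to be clean. The sketch below is an added example, not code from the article or from any vendor; the function names and the sample sectors are hypothetical and constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446           # boot code is bytes 0..445, partition table follows
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries, signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[BOOT_CODE_END + i * 16:BOOT_CODE_END + (i + 1) * 16]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append((entry[0], entry[4], lba_start, sectors))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_against_baseline(baseline: bytes, current: bytes) -> list:
    """Return a list of findings; an empty list means the sector matches."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings


def constructed_mbr(boot_fill: int) -> bytes:
    """Constructed sample sector: one active type-0x07 partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 204800)
    return bytes([boot_fill]) * BOOT_CODE_END + entry + b"\0" * 48 + BOOT_SIGNATURE


GOOD = constructed_mbr(0x90)
OVERWRITTEN = bytes(SECTOR_SIZE)  # constructed: first sector zeroed out

if __name__ == "__main__":
    print(check_against_baseline(GOOD, GOOD))
    print(check_against_baseline(GOOD, OVERWRITTEN))
```

The baseline sector has to be stored off the host it describes, since a wiper that reaches the disk can reach a local copy as well.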

Both WhisperGate and HermeticWiper pose significant dangers to the organizations they target, especially when affecting large companies with even more extensive networks. The crooks dealing with such malware usually exploit security flaws in corporate networks or resort to various Trojans and worms to make a breakthrough. The latter may come from corrupted websites, Peer-to-Peer networks, and seemingly harmless places on the Web. That's why it is crucial to keep a watchful eye on computer networks and any stage of operation within the organization, such as planning, preparation, production, distribution, etc. To ensure all that, the corresponding staff should keep their AV detection tools up-to-date and deploy robust spam filters for all corporate email. Applying strong network traffic filters is a must as well. Finally, they should maintain regular network scans and integrate two-factor authentication into every corporate account.
