Endpoint security specialist SentinelOne have isolated and demonstrated an installed instance of HermeticWiper malware currently destroying PCs across Ukraine.
First spotted on February 23rd, the 114kb ‘HermeticWiper’ malware gets its name from the (likely fictitious) ‘Hermetic Digital Ltd’ – a Cypriot company allegedly named on its digital certificate. The malware appears to have been circulated among a number of Ukrainian organisations, and abuses a partition management driver to begin corrupting a device’s physical drives.
For 2022 we’re announcing a series of changes to the way Lineal helps keep your IT safe and secure – including some new technologies that will allow us to better care for our customers’ cybersecurity.
One of these is the introduction of SentinelOne as an alternative to traditional antivirus options. We’ve formed this partnership to offer a more extensive set of tools to customers, and further modernise the way we keep your staff, systems and data safe.
You can learn more about SentinelOne, and why we’ve taken this step, below:
What is SentinelOne?
SentinelOne is next-generation Endpoint Detection & Response (EDR) software that we’ll be recommending in future, in place of more traditional antivirus options, to protect PCs, Macs and more from cybersecurity threats.
Why are Lineal making this change?
We’re responding to changing times – in recent years we’ve seen the threats to small businesses shift away from general malware towards more dangerous ransomware that encrypts data and seeks to extort payment from victims.
Why have you re-focused on Ransomware?
The scale of the threat. While malware might endanger data, hit device performance or introduce other serious technical problems, ransomware can be totally devastating – bringing even major industries to a standstill.
The UK National Cyber Security Centre recently argued that “Ransomware represents the key cybersecurity threat facing Britain…” – following a series of high-profile and crushing ransomware breaches in the US, across industry, and against the NHS.
For a small business, a ransomware infection is potentially terminal, and as the methods used by cybercriminals change, our recommended cybersecurity precautions need to adjust to reflect this.
What’s wrong with traditional antivirus?
While traditional antivirus software is a good defence, it typically works by comparing against a regularly updated list of known threats. This technique has its limits – particularly when it comes to never-before-seen ‘Zero Day’ threats.
With the spread of ‘ransomware kits’ on the dark web, it’s becoming easier and easier for cybercriminals to introduce brand new variants and strains, on an hourly basis. This necessitates a different kind of counter-measure: intelligent EDR software that understands how a threat to an endpoint ‘acts’ and can remediate more effectively.
OK, but why SentinelOne rather than [Product X]?
In addition to SentinelOne performing exceptionally well in independent testing, we’ve been impressed with its cloud-based management and incident investigation tools, and its Ransomware Warranty pledge of $1,000 per computer (up to $1m) for each machine with valid protection.