Hermetic Wiper Malware Hits Ukraine

Endpoint security specialist SentinelOne have isolated and demonstrated an installed instance of HermeticWiper malware currently destroying PCs across Ukraine.

First spotted on February 23rd, the 114kb ‘Hermetic Wiper’ malware gets its name from the (likely fictitious) ‘Hermetic Digital Ltd’ – a Cypriot company allegedly named on its digital certificate. The malware appears to have been circulated among a number of Ukrainian organisations, and abuses a partition management driver to begin corrupting a device’s physical drives.

Watch below as SentinelOne test-detonate an instance of Hermetic Wiper, first on an undefended PC, then with powerful endpoint protections in place:

Video Credit: SentinelOne.

Once activated, the malware forces a device shutdown; the system is then irretrievable and boots only as far as Windows’ ‘Your PC/Device needs to be repaired’ screen.

The timing and nature of the attack (crippling PCs in the short term, until they can be replaced) suggests an effort that has been coordinated with Russian military operations.


For cybersecurity advice and expertise, please contact Lineal today.


Announcing: SentinelOne

For 2022 we’re announcing a series of changes to the way Lineal helps keep your IT safe and secure – including some new technologies that will allow us to better care for our customers’ cybersecurity.

One of these is the introduction of SentinelOne as an alternative to traditional antivirus options. We’ve formed this partnership to offer a more extensive set of tools to customers, and further modernise the way we keep your staff, systems and data safe.

You can learn more about SentinelOne, and why we’ve taken this step, below:


What is SentinelOne?

SentinelOne is a next-generation Endpoint Detection & Response (EDR) software that we’ll be recommending in future to protect PCs/Macs and more from cybersecurity threats, in place of more traditional antivirus options.


Why are Lineal making this change?

We’re responding to changing times – in recent years we’ve seen the threats to small businesses shift away from general malware towards more dangerous ransomware that encrypts data and seeks to extort payment from victims.


Why have you re-focused on Ransomware?

The scale of the threat. While malware might endanger data, hit device performance or introduce other serious technical problems, ransomware can be totally devastating – bringing even major industries to a standstill.

The UK National Cyber Security Centre recently argued that “Ransomware represents the key cybersecurity threat facing Britain…” – following a series of high-profile and crushing ransomware breaches in the US, across industry, and against the NHS.

For a small business, a ransomware infection is potentially terminal, and as the methods used by cybercriminals change, our recommended cybersecurity precautions need to adjust to reflect this.


What’s wrong with traditional antivirus?

While traditional antivirus software is a good defence, it typically works by comparing files against a regularly updated list of known threats. This technique has its limits – particularly when it comes to never-before-seen ‘Zero Day’ threats.

With the spread of ‘ransomware kits’ on the dark web, it’s becoming easier and easier for cybercriminals to introduce brand new variants and strains, on an hourly basis. This necessitates a different kind of counter-measure: intelligent EDR software that understands how a threat to an endpoint ‘acts’ and can remediate more effectively.
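To make the signature-versus-behaviour distinction concrete, here is an added illustration (hypothetical example code, not SentinelOne’s engine or anything from the page): a hash-based check that a one-byte change defeats, beside a behaviour rule that flags a process by the ordered actions described above (driver install, raw physical-drive writes, forced shutdown), run over a constructed event trace.

```python
"""Signature matching vs. behaviour-based detection on a constructed
event trace modelled on the wiper chain described in the article
(driver install -> raw disk write -> forced shutdown).
Hypothetical example; no real engine, driver name or sample is used."""
import hashlib
from collections import defaultdict

# Constructed "known bad" list: SHA-256 of a pretend sample's bytes.
KNOWN_BAD = {hashlib.sha256(b"WIPER-SAMPLE-v1").hexdigest()}

def signature_hit(sample: bytes) -> bool:
    """Traditional AV check: exact hash lookup against the known-bad list."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD

# Behaviour rule: one process installs a driver, then writes to a raw
# physical drive, then forces a shutdown, in that order.
WIPER_SEQUENCE = ("driver_install", "raw_disk_write", "shutdown")

def behaviour_hits(events):
    """Return the set of PIDs whose actions contain WIPER_SEQUENCE as an
    ordered subsequence (unrelated events may be interleaved)."""
    per_pid = defaultdict(list)
    for ev in events:
        per_pid[ev["pid"]].append(ev["action"])
    flagged = set()
    for pid, actions in per_pid.items():
        pos = 0
        for act in actions:
            if act == WIPER_SEQUENCE[pos]:
                pos += 1
                if pos == len(WIPER_SEQUENCE):
                    flagged.add(pid)
                    break
    return flagged

# Constructed telemetry: PID 4242 behaves like the wiper; PID 700 is a
# legitimate disk utility that writes to a drive but never forces shutdown.
EVENTS = [
    {"pid": 700,  "action": "raw_disk_write", "target": r"\\.\PhysicalDrive0"},
    {"pid": 4242, "action": "driver_install", "target": "constructed-driver.sys"},
    {"pid": 4242, "action": "file_read",      "target": r"C:\Windows\System32"},
    {"pid": 4242, "action": "raw_disk_write", "target": r"\\.\PhysicalDrive0"},
    {"pid": 4242, "action": "shutdown",       "target": "system"},
]

if __name__ == "__main__":
    # A one-byte change to the sample defeats the hash signature ...
    print(signature_hit(b"WIPER-SAMPLE-v1"), signature_hit(b"WIPER-SAMPLE-v2"))
    # ... while the behaviour rule still flags the process by what it does.
    print(behaviour_hits(EVENTS))
```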


OK, but why SentinelOne rather than [Product X]?

In addition to performing exceptionally well in independent testing, we’ve been impressed with SentinelOne’s cloud-based management and ‘storyline’ investigation tools, and their Ransomware Warranty pledge of $1,000 for each machine with valid protection (up to $1m).

Even more impressively, the Singularity engine uses highly advanced fingerprinting technology to support cutting-edge rollback abilities – a powerful aid to incident response.

The company consistently ranks as a Leader in Gartner analysis, is the only vendor on record to achieve a 100% score in MITRE Engenuity testing, and was both the highest-ranked product in Gartner’s 2021 ‘Customers’ Choice’ and the winner of CRN’s 2021 Product of the Year award for endpoint security.


What does this all mean for me?

In future cybersecurity discussions, one of the Lineal team may speak with you about EDR, and may quote SentinelOne as an alternative option to renewing your existing antivirus.

If you would like to discuss this with us, please contact [email protected] or simply speak to one of our team.


PC & Mac? And Servers too?

Yes!


Will I still be able to purchase other Antivirus products via Lineal?

Yes!