Endpoint security specialist SentinelOne have isolated and demonstrated an installed instance of HermeticWiper malware currently destroying PCs across Ukraine.
First spotted on February 23rd, the 114kb ‘Hermetic Wiper’ malware gets its name from the (likely fictitious) ‘Hermetic Digital Ltd’ – a Cypriot company allegedly named on its digital certificate. The malware appears to have been circulated among a number of Ukrainian organisations, and abuses a partition management driver to begin corrupting a device’s physical drives.
Watch below as SentinelOne test-detonate an instance of Hermetic Wiper, first on an undefended PC, then with powerful endpoint protections in place:
Video Credit: SentinelOne.
Once activated, the malware initiates a device shutdown, making the system irretrievable and booting only as far as Windows’ ‘Your PC/Device needs to be repaired’ screen.
The timing and nature of the attack (crippling PCs in the short term, until they can be replaced) suggests an effort that has been coordinated with Russian military operations.
For cybersecurity advice and expertise, please contact Lineal today.