New Cyber Threat HermeticWiper Disrupts Ukrainian Government Websites
A new cybersecurity threat, HermeticWiper, has been causing disruption worldwide. This malware, first deployed in February 2022, renders the systems it targets unusable. It has been observed attacking hundreds of Ukrainian government-related websites, coinciding with the Russia-Ukraine conflict.
HermeticWiper's primary aim is not data encryption but destruction. It targets the master boot record (MBR), making systems unbootable. Its deployment is preceded by exploits or DDoS attacks that facilitate it. The malware is compact, at just 115 KB, and comes packed with drivers that are extracted based on the operating system.
During execution, HermeticWiper gains sensitive privileges like SeBackupPrivilege, SeDebugPrivilege, and SeLoadDriverPrivilege. Post-execution, it uses the InitiateSystemShutdownEx API to shut down the system, displaying a blank screen with the message 'Missing operating system.'
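For defenders, the privilege combination described above is a usable detection signal. The following is an added example, not code from the original article: it flags any process that enables all three privileges within a short window, reading records shaped like an export of Windows Security Event ID 4703 (token right adjusted). The record layout, the 60-second window, the allowlist parameter and all sample values are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Privileges the article says HermeticWiper acquires during execution.
WATCHED = frozenset({"SeBackupPrivilege", "SeDebugPrivilege", "SeLoadDriverPrivilege"})
WINDOW = timedelta(seconds=60)  # assumption: tuning value, not from the article

# Constructed sample records (hosts, PIDs, paths and times are made up).
SAMPLE_EVENTS = [
    {"time": "2022-02-23T14:00:00", "host": "ws-02", "pid": 900,
     "image": r"C:\Tools\slow.exe", "enabled": ["SeBackupPrivilege"]},
    {"time": "2022-02-23T14:02:01", "host": "ws-01", "pid": 4120,
     "image": r"C:\Temp\sample.exe", "enabled": ["SeDebugPrivilege"]},
    {"time": "2022-02-23T14:02:02", "host": "ws-01", "pid": 4120,
     "image": r"C:\Temp\sample.exe", "enabled": ["SeBackupPrivilege", "SeLoadDriverPrivilege"]},
    {"time": "2022-02-23T14:03:00", "host": "ws-01", "pid": 1500,
     "image": r"C:\Backup\agent.exe", "enabled": ["SeBackupPrivilege"]},
    {"time": "2022-02-23T14:05:00", "host": "ws-02", "pid": 900,
     "image": r"C:\Tools\slow.exe", "enabled": ["SeDebugPrivilege"]},
    {"time": "2022-02-23T14:10:00", "host": "ws-02", "pid": 900,
     "image": r"C:\Tools\slow.exe", "enabled": ["SeLoadDriverPrivilege"]},
]


def find_privilege_clusters(events, watched=WATCHED, window=WINDOW, allowlist=()):
    """Flag processes that enable every watched privilege within `window`."""
    allowed = {path.lower() for path in allowlist}
    last_enabled = defaultdict(dict)  # (host, pid, image) -> {privilege: time}
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        if ev["image"].lower() in allowed:
            continue  # known-good tooling the defender has vetted
        key = (ev["host"], ev["pid"], ev["image"])
        now = datetime.fromisoformat(ev["time"])
        for priv in ev["enabled"]:
            if priv in watched:
                last_enabled[key][priv] = now
        recent = {p for p, t in last_enabled[key].items() if now - t <= window}
        if recent == set(watched) and key not in alerted:
            alerted.add(key)
            alerts.append({"host": ev["host"], "pid": ev["pid"],
                           "image": ev["image"], "time": ev["time"]})
    return alerts


if __name__ == "__main__":
    for alert in find_privilege_clusters(SAMPLE_EVENTS):
        print("ALERT", alert)
```

Only the process that enables all three privileges within the window is reported; the backup agent and the process that spreads them over ten minutes are not.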
The malware uses a code-signing certificate issued to 'Hermetica Digital Ltd.', a small videogame design business in Cyprus with no known links to Russia. Before rewriting the MBR, HermeticWiper enumerates specific files, folders, Master File Table metafiles, and NTFS streams.
HermeticWiper, a new ransomware-like data wiper, has been targeting the Ukrainian government. Its use of a valid digital certificate from 'Hermetica Digital Ltd.' for disguise highlights the complexity and danger of modern cyber attacks. Organizations and individuals must remain vigilant against such threats.