IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine


This post was written with contributions from IBM Security X-Force’s Anne Jobmann, Claire Zaboeva and Richard Emerson.


On February 23, 2022, open-source intelligence sources began reporting detections of a wiper malware — a destructive family of malware designed to permanently destroy data on the target — executing on systems belonging to Ukrainian organizations. IBM Security X-Force obtained a sample of the wiper, named HermeticWiper. It uses a benign partition manager driver (a copy of empntdrv.sys) to carry out its wiping, corrupting the Master Boot Record (MBR), partition, and file system (FAT or NTFS) of all available physical drives.


This is not the first wiper malware targeting Ukrainian organizations that X-Force has analyzed. In January 2022, X-Force analyzed the WhisperGate malware and did not identify any code overlaps between WhisperGate and HermeticWiper.


This blog post will detail IBM Security X-Force’s insights into the HermeticWiper malware, technical analysis of the sample, and indicators of compromise (IoCs) to help organizations protect themselves from this malware.


Why This Is Important


In January 2022, X-Force analyzed the ..
