1/3 February 24, 2022 HermeticWiper: New data‑wiping malware hits Ukraine welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/ Hundreds of computers in Ukraine compromised just hours after a wave of DDoS attacks brings down a number of Ukrainian websites Editor 24 Feb 2022 - 10:32AM Hundreds of computers in Ukraine compromised just hours after a wave of DDoS attacks brings down a number of Ukrainian websites https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/ https://www.welivesecurity.com/author/editorla/ https://www.welivesecurity.com/author/editorla/ 2/3 A number of organizations in Ukraine have been hit by a cyberattack that involved new data-wiping malware dubbed HermeticWiper and impacted hundreds of computers on their networks, ESET Research has found. The attack came just hours after a series of distributed denial-of-service (DDoS) onslaughts knocked several important websites in the country offline. Breaking. #ESETResearch discovered a new data wiper malware used in Ukraine today. ESET telemetry shows that it was installed on hundreds of machines in the country. This follows the DDoS attacks against several Ukrainian websites earlier today 1/n — ESET research (@ESETresearch) February 23, 2022 Detected by ESET products as Win32/KillDisk.NCV, the data wiper was first spotted just before 5 p.m. local time (3 p.m. UTC) on Wednesday. The wiper’s timestamp, meanwhile, shows that it was compiled on December 28 , 2021, suggesting that the attack may have been in the works for some time. HermeticWiper misused legitimate drivers of popular disk management software. “The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data,” according to ESET researchers. Additionally, the attackers used a genuine code-signing certificate issued to a Cyprus-based company called Hermetica Digital Ltd., hence the wiper’s name. It also appears that at least in one case, the threat actors had access to a victim’s network before unleashing the malware. READ ALSO: IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine Earlier on Wednesday, a number of Ukrainian websites were knocked offline in a fresh wave of DDoS attacks that have been targeting the country for weeks now. In the middle of January, another data wiper swept through Ukraine. Called WhisperGate, the wiper masqueraded as ransomware and brought some echoes of the NotPetya attack that hit Ukraine in June 2017 before causing havoc around the world. For any inquiries about our research published on WeLiveSecurity, please contact us at threatintel@eset.com. ESET Research now also offers private APT intelligence reports and data feeds. For any inquiries about this service, visit the ESET Threat Intelligence page 24 Feb 2022 - 10:32AM th https://twitter.com/hashtag/ESETResearch?src=hash&ref_src=twsrc%5Etfw https://twitter.com/ESETresearch/status/1496581903205511181?ref_src=twsrc%5Etfw https://www.virustotal.com/gui/file/1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591/detection https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/ https://www.bbc.com/news/technology-60500618 https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/ https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine/ http://10.10.0.46/mailto:threatintel@eset.com https://www.eset.com/int/business/services/threat-intelligence/ 3/3 Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center Newsletter Discussion https://www.welivesecurity.com/category/ukraine-crisis-digital-security-resource-center/