New data‑wiping malware hits Ukraine

Hundreds of computers in Ukraine compromised just hours after a wave of DDoS attacks brings down a number of Ukrainian websites

A number of organisations in Ukraine have been hit by a cyberattack that involved new data-wiping malware dubbed HermeticWiper and impacted hundreds of computers on their networks, ESET Research has found. The attack came just hours after a series of distributed denial-of-service (DDoS) onslaughts knocked several important websites in the country offline.

Detected by ESET products as Win32/KillDisk.NCV, the data wiper was first spotted just before 5 p.m. local time (3 p.m. UTC) on Wednesday. The wiper’s timestamp, meanwhile, shows that it was compiled on December 28, 2021, suggesting that the attack may have been in the works for some time.

HermeticWiper misused legitimate drivers of popular disk management software. “The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data,” according to ESET researchers.

Additionally, the attackers used a genuine code-signing certificate issued to a Cyprus-based company called Hermetica Digital, hence the wiper’s name.

It also appears that at least in one case, the threat actors had access to a victim’s network before unleashing the malware.

Earlier on Wednesday, a number of Ukrainian websites were knocked offline in a fresh wave of DDoS attacks that have been targeting the country for weeks now.

In the middle of January, another data wiper swept through Ukraine. Called WhisperGate, the wiper masqueraded as ransomware and brought some echoes of the NotPetya attack that hit Ukraine in June 2017 before causing havoc around the world.

 

To read more exclusive features and latest news please see our Q4 issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

Georgina Turner image

Georgina Turner

Sales Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

GBV

IFPO Column: The Quiet Signals of Danger

Yoyo Hamblen of IFPO and Gary Simpson, Nonverbal and Behavioural specialist discuss the important topic of Gender-Based Violence..
Suprema

Suprema Achieves EN 60839 Certification

Suprema, a global provider of AI-powered access control and security solutions, has achieved EN 60839-11-1:2013 Grade 3 certification
ASSA ABLOY

Electric locks are a vital component in digital access

To protect the important openings in their buildings, organizations need locks they can trust. This means more than just strength…
Logistics

AI-powered surveillance for logistics security

Logistics companies face immense pressure to optimise their operations, enhance security, reduce losses, and become…
Jacksons Fencing

Securing the future of sustainable living with Jacksons Fencing

In a recent partnership aimed at boosting both security and visual appeal, Jacksons Fencing was tasked with providing a bespoke…
Tecnosicurezza

Tecnosicurezza Launches AmpliSec

Tecnosicurezza has launched AmpliSec – its first connected high-security electronic locking system designed specifically for safes…
Axis Communications

Axis Communications sheds light on video surveillance industry

Axis Communications has published a new report that explores the state of AI in the global video surveillance industry.
AI’s Digital Pollution

AI’s Digital Pollution

As AI continues to shape industries, responsible AI governance remains a pressing concern. Yolanda Hamblen and Pauline…
The Role of AI Gateway Devices

From the Expert – The Role of AI Gateway Devices

AI gateway devices bridge legacy security cameras and cloud platforms, enabling real-time analytics, hybrid storage, and compliance…
Cover Story - Empowering the Mobile Workforce with HID

Cover Story – Empowering the Mobile Workforce with HID

HID presents the latest in portable readers, depicting a modern world where secure access moves with you…
Scroll to Top