HermeticWiper: Russian malware attacks Ukraine and France
Vladimir Putin decided to invade Ukraine more than a week ago, and war is still raging in the territory. Ukrainians are preparing for the worst, as a look at the most downloaded apps in the country shows: walkie-talkie apps, messaging without Internet… They have to be ready in case Russia manages to cut the network and thereby block the means of communication that rely on it, whether Skype, WhatsApp or Messenger. While Russian troops are doing huge damage on the ground, attacks are also coming from cyberspace.
HermeticWiper: the eraser that sleeps
Several government sites have indeed suffered attacks from HermeticWiper, a piece of malware which, as its name suggests, is of the “wiper” type. It works very differently from other malware, since it does not go after your wallet through hidden subscriptions or ransom demands. Instead, it destroys, as Maxime Alay-Eddine, CEO of Cyberwatch, reminded our colleagues at 20 Minutes:
It is a malicious product that will be used to render data unusable. Unlike a ransomware which renders them unusable only while a ransom is paid, the Wiper simply destroys them. They are screwed.
Thus, some data may disappear and prevent entire sites or programs from working. The particularity of HermeticWiper is that it is a dormant virus. It may have been implanted in information systems for years, well hidden, before being activated remotely by a human operator. While examining its source code, specialists realized that it had been created on December 28, 2021, only to finally appear on the Ukrainian scene a few weeks ago. Suffice it to say that the attack was premeditated and planned for a long time.
Targeted government sites
HermeticWiper also does not come in just one form: four variants have already been discovered. This allows it to slip through the net of antivirus products, which for the moment cannot detect all the strains. Ukraine has already suffered thousands of computer intrusions, and official and government sites have been hacked and sometimes even taken offline. Among the sites attacked were those of the Ministries of Foreign Affairs, Defense and Interior, as well as those of the Cabinet of Ministers and of the Rada, the Supreme Council of the country. You should also know that this kind of wiper can simply be used to erase traces of spyware previously in place on infected machines. Recently, the country was even caught off guard by DDoS (distributed denial-of-service) attacks that targeted institutions and banking services.
War in Ukraine: HermeticWiper, a formidable computer virus detected in France, after attacking Ukrainian administrations. https://t.co/QE8vCj6Gqu pic.twitter.com/12qnnHFs9n
— Lfd Criminalistics (@info_lfd) March 2, 2022
Fortunately, the country is doing everything to defend itself on the digital front. A team made up of Polish, Romanian, Dutch, Croatian and Estonian experts is at work right now to prevent things from getting worse.
While the conflict does not seem ready to stop, HermeticWiper has also widened its field of attack. It has in fact been found in the systems of several French organizations. This is an alert to be taken very seriously, as governments around the world are in the process of imposing sanctions on Russia. While hackers are unlikely to attack individuals, it is essential for companies to prepare for this kind of cyberattack. To protect yourself against this, we give you our advice to avoid unpleasant surprises from hacking.