What is HermeticWiper?

HermeticWiper first appeared in late February 2022, targeting organizations in Ukraine. It falls under the category of “wiper” malware, meaning its primary function is to erase critical data and render systems inoperable. Unlike ransomware, which encrypts data for ransom, HermeticWiper aims for complete destruction.

How Does HermeticWiper Work?

HermeticWiper is likely delivered through phishing emails or other social engineering tactics. Once it infects a system, here’s what HermeticWiper does:

  • Targets the Core: It specifically targets the Master Boot Record (MBR) and partition tables. The MBR is a critical piece of data on a disk that tells the system where to find the operating system. Partition tables define how a storage device is divided into logical sections. By corrupting these elements, HermeticWiper essentially wipes the data storage structure of the infected system.
  • Overwrites Files: In some cases, HermeticWiper may also overwrite specific files on the system. This can hinder forensic analysis and data recovery efforts by security professionals.
  • Stealthy Operation: HermeticWiper is designed to be stealthy and evade detection by security software. It may leverage legitimate drivers (software components that allow programs to interact with hardware) to access storage devices and overwrite data without raising red flags.
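
The MBR layout described in the first bullet can be checked directly. The following Python code is an added example, not part of the original page or of any vendor tooling: it parses a 512-byte image of disk sector 0 (for instance one saved alongside a backup) and reports a missing boot signature or an empty or invalid partition table. The function names and both sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446   # four 16-byte partition entries follow the boot code
BOOT_SIG_OFFSET = 510     # the last two bytes of a valid MBR are 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR sector and report whether its structure is intact."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        entry = sector[start:start + 16]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sector-count(4, LE)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    findings = []
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if not partitions:
        findings.append("no partition entries")
    for p in partitions:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"entry {p['index']} has zero start or length")
    return {"partitions": partitions, "findings": findings,
            "intact": not findings}


def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable type-0x07 partition starting at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = struct.pack(
        "<B3xB3xII", 0x80, 0x07, 2048, 204800)
    sector[BOOT_SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    print(parse_mbr(build_sample_mbr()))          # intact sample
    # Constructed stand-in for a destroyed sector: all zero bytes.
    print(parse_mbr(bytes(SECTOR_SIZE))["findings"])
```

On GPT disks, sector 0 holds a protective MBR with a single type 0xEE entry, which this check reports as intact; the GPT header in the following sectors is not examined.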


Why is HermeticWiper a Serious Threat?

  • Severity of Damage: Unlike some malware that can be remediated, HermeticWiper’s data-wiping capabilities can cause permanent damage and significant data loss. Recovering from a HermeticWiper attack can be extremely difficult, if not impossible.
  • Targeted Attacks: While the initial targets were Ukrainian entities, HermeticWiper demonstrates the potential for similar attacks against organizations worldwide. This highlights the need for global vigilance against such threats.


How Can My Organization Stay Protected Against HermeticWiper?

While there’s no guaranteed defense against cyber threats, here are some steps you can take to improve your organization’s security posture:

  • Educate Your Employees: Educating employees about phishing tactics and social engineering techniques can help prevent them from falling victim to malware delivery attempts. Phishing emails often try to trick users into clicking on malicious links or attachments that can download malware.
  • Strong Security Software: Having up-to-date security software with anti-malware capabilities in place can help detect and block malicious programs like HermeticWiper.
  • Regular Backups: Maintaining regular backups of your data is an essential security practice. In the event of a cyberattack, having backups allows you to recover your data and minimize downtime.


Frequently Asked Questions (FAQ) about HermeticWiper

What is HermeticWiper?

HermeticWiper is a type of destructive malware designed to target and permanently erase data on infected systems, rendering them inoperable and causing significant damage to affected organizations.

How does HermeticWiper differ from other types of malware?

Unlike traditional malware, which may focus on data theft or system disruption, HermeticWiper specifically aims to permanently destroy data on infected systems, making recovery difficult or impossible.

What are some common signs of a HermeticWiper infection?

Common signs of a HermeticWiper infection include sudden and widespread data loss, system crashes, unexplained changes to file names or extensions, and the appearance of ransom notes or messages demanding payment for data recovery, although in this case, recovery is usually not possible.