Another Destructive Wiper Targets Organizations in Ukraine

2022-03-16 16:29

Researchers have discovered yet another destructive data-wiping malware targeting organizations in Ukraine, the third to be found in as many weeks attacking systems in the country that's currently defending itself against a Russian physical invasion.

The HermeticWiper attack also used a custom worm dubbed HermeticWizard for propagating the wiper inside local networks, as well as HermeticRansom, a decoy ransomware used in the attack, according to ESET. A free decryptor later was released to unlock HermeticRansom, which also targeted organizations in Lithuania and Latvia.

Following the HermeticWiper attack, on the day the kinetic war began in Ukraine, cyberattackers deployed the "Less sophisticated" IsaacWiper in an organization unconnected to the HermeticWiper attacks, according to ESET. Consistent Barrage of Attacks.

Even before the three wiper attacks occurred in succession, Russian-based cyber actors have been barraging Ukraine with wiper attacks, often disguised as ransomware, researchers have observed.

Prior to Russia's invasion, Ukraine was the target of a Master Boot Record wiper attack that started Jan. 13, which was discovered and dubbed WhisperGate by Microsoft researchers.

The wiper had previously been used against government systems, nonprofit organizations and IT companies in Ukraine.

News URL

https://threatpost.com/destructive-wiper-organizations-ukraine/178937/

#ukraine