Entities in Ukraine have been targeted by hackers that wipe hard drives of all data. An investigation from PCMag reveals that so far there isn’t evidence that Russia is behind these attacks.
Cyberattacks Against Ukraine
Security researchers at ESET examined this “wiper” malware. They know how it works and when it was spotted in the wild, but not yet its origin. A source from ESET, which is headquartered in Bratislava, capital of the Slovak Republic, mentioned, “Bratislava, where ESET’s HQ is located, is a fair distance from the border with Ukraine. So far, the only impact of the conflict on Slovakia are refugees arriving at the border who are receiving immediate help from local authorities.”
This malware is called HermeticWiper. Signed by game company Hermetica Digital Ltd, it affects machines running Windows. It was first discovered back in February and erases these computers to prevent the operating system from loading.
That’s not all.
Two other pieces of malware are included in the attacks, called HermeticWizard and HermeticRansom. HermeticWizard is the component that spreads HermeticWiper. ESET says:
On February 24th, 2022, we detected yet another new wiper in a Ukrainian governmental network. We named it IsaacWiper and we are currently assessing its links, if any, with HermeticWiper. It is important to note that it was seen in an organization that was not affected by HermeticWiper.
As for HermeticRansom, it acts like any ransomware by encrypting documents and displaying a ransom note. This malware uses the note, “The only thing we learn from new elections is we learned nothing from the old. Thank you for your vote! Have a nice day!”