Skip Navigation
BlackBerry ThreatVector Blog

Threat Alert: HermeticWiper Malware

HermeticWiper, a new malware first seen by ESET and Symantec, has been observed infecting organizations in Ukraine, Latvia, and Lithuania. Leveraging a digital signature from “Hermetica Digital,” and using real recovery drivers (from EaseUS), the attack relies on transitive trust in order to perform its malicious behavior. While some organizations have noted that ransomware has been seen deployed alongside, potentially as cover, this threat appears to be solely focused on destruction of data.

The wiper, seen being implanted via Active Directory, places the appropriate drivers on the victim machine as a Windows® service. After establishing a foothold, the system’s Master Boot Record is destroyed and the machine is rebooted, preventing the device from initializing.

DEMO VIDEO: Stopping HermeticWiper
 
Figure 1 – To confirm the Temporal Predictive capability, we equipped this test system with a version of the Cylance® AI engine from October 2015
 
Figure 2 – Both files identified by security researchers are stopped, pre-deployment
 

Video Transcription

In this video, we document the ability of BlackBerry® Protect to prevent the new HermeticWiper data wiping malware, which has affected several organizations in Ukraine, Latvia, and Lithuania. To confirm the Temporal Predictive capability is effective regardless of the availability of Internet connectivity or cloud lookups, we have equipped this test system with a version of the Cylance® AI engine from October 2015. 
 
Here we have the two malware files identified by security researchers. When we copy the files to our test system, we see that BlackBerry® Protect stops them in pre-execution. More information on this and other threats is available here.

Hector Diaz

About Hector Diaz

 Senior Technical Marketing Manager at BlackBerry

Hector Diaz is a Senior Technical Marketing Manager for Latin America and the Caribbean at BlackBerry. Hector works with Engineering and Product Management to translate technology concepts into digestible pieces, evangelizing and educating people about Artificial Intelligence (AI) applied to cybersecurity.

With over 15 years of experience in cybersecurity, Hector is a respected professional who is in-demand at trade shows, partner training and customer engagements across Latin America and the Caribbean Region.