In the recent international scenario, a malware born to destroy is emerging. Target? Documents of Ukrainian government and banking organizations.


It's called HermeticWiper, known as the malware of the war between Russia and Ukraine, and it doesn't seem to have anything to do with the ransomware that has been talked about so much in recent years. The objective of this malware appears, in fact, to be the destruction of documents on the servers of Ukrainian institutions and the financial sector. No ransom note. No attempt to monetize. It is not surprising that the alarm quickly spread to other countries, including Italy: malware of this type in circulation, although certainly not new in its methods, scares everyone and pushes organizations to create targeted solutions to protect their IT infrastructure and strengthen its defenses.

Experts have already set to work to understand how it works and how to counter it, identifying some specific features of HermeticWiper. First, it carries out highly targeted attacks, which do not exploit the main techniques known for the spread of computer viruses. The attacks require administrator privileges and bear similarities to the ransomware attacks carried out using NotPetya in 2017.

Wiper malware.

When we talk about cyber attacks, we generally refer to dangerous files that belong to three broad categories: those that aim to monetize by encrypting or selling the information obtained; those developed for industrial espionage, and therefore used only to obtain information to be exploited to the attacker's own advantage; and those, much more dangerous, that only aim to destroy. The latter are called "wipers", a term that derives from the English verb to wipe, which means to erase. Some of these are so powerful and subtle that they are capable of deleting themselves, making it impossible to detect the malware itself.

In recent weeks, this type of malware has been identified in several attacks directed at Ukraine. Although there is still not enough data to estimate the number of devices affected, we are talking about hundreds of victims. Following this escalation, the European authorities have raised their level of alert, urging the sector to activate adequate protection measures. Analysis of the malware detected in Ukraine suggests that it was created towards the end of last year, and that the series of attacks had therefore been prepared for some time, with access to the victims' systems obtained well before the attack was launched. Finally, the name. From the digital certificate, analysts reportedly traced it back to a company based in Cyprus called Hermetica Digital Ltd. Hence the name HermeticWiper.

Attacks in Ukraine.

In recent weeks there has been an exponential growth in attacks directed against Ukraine, which is not new to this type of scenario. What worries the most are the targets: the more strategic and sensitive they are, the greater the risk for the civilian population. Indeed, if the critical infrastructure systems that manage primary services such as electricity, water or health were destroyed, the consequences could be disastrous for a population already affected by conventional warfare. To date, DDoS attacks have hit websites, government agencies and especially the financial sector.
