HermeticWiper malware targeting orgs in Ukraine; here’s how to stay safe
Posted on by Joshua Long
New malware known as HermeticWiper is in active use against targets in Ukraine. Here’s what you need to know to keep your computers safe.
What is HermeticWiper?
HermeticWiper is a new form of wiper malware. A wiper is malicious software designed to erase or overwrite files or data on an infected system.
Specifically, HermeticWiper destroys the master boot record of infected computers, rendering the PCs unusable.
The malware has been observed over the past few days, infecting Ukrainian organizations’ computers. According to Symantec, the malware “was used to attack organizations in Ukraine shortly before the launch of [the] Russian invasion” the morning of February 24.
How is HermeticWiper infecting computers?
In at least one case, HermeticWiper was deployed to an entire organization’s Windows PC fleet via an Active Directory group policy, according to ESET.
Evidence suggests that the infected organizations may have been compromised via silent attacks months earlier. The initial entry point that attackers used against the organizations was the exploitation of unpatched vulnerabilities on public servers.
How can one remove or prevent HermeticWiper?
Intego customers are protected against this malware threat and others like it.
So far, the malware has only been observed on Windows PCs—but Intego’s antivirus software for both Windows (Intego Antivirus for Windows) and macOS (VirusBarrier X9, included with Intego’s Mac Premium Bundle X9) will protect against and eliminate HermeticWiper malware.
If a macOS version of HermeticWiper is discovered, you can rest assured that Intego will protect against it as well.
How can I learn more?
For additional technical details about the HermeticWiper malware, you can read the U.S. Cybersecurity and Infrastructure Security Agency (CISA)’s full report, which contains additional links to third-party write-ups about the malware.
To stay up to date on all the latest threats, be sure to follow the Intego Mac Podcast, subscribe to our e-mail newsletter, and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: