HermeticWiper malware targeting orgs in Ukraine; here’s how to stay safe

Posted on by

New malware known as HermeticWiper is in active use against targets in Ukraine. Here’s what you need to know to keep your computers safe.

What is HermeticWiper?

HermeticWiper is a new form of wiper malware. A wiper is malicious software designed to erase or overwrite files or data on an infected system.

Specifically, HermeticWiper destroys the master boot record of infected computers, rendering the PCs unusable.

The malware has been observed over the past few days, infecting Ukrainian organizations’ computers. According to Symantec, the malware “was used to attack organizations in Ukraine shortly before the launch of [the] Russian invasion” the morning of February 24.

How is HermeticWiper infecting computers?

In at least one case, HermeticWiper was deployed to an entire organization’s Windows PC fleet via an Active Directory group policy, according to ESET.

Evidence suggests that the infected organizations may have been compromised via silent attacks months earlier. The initial entry point that attackers used against the organizations was the exploitation of unpatched vulnerabilities on public servers.

How can one remove or prevent HermeticWiper?

Intego X9 software boxesIntego customers are protected against this malware threat and others like it.

So far, the malware has only been observed on Windows PCs—but Intego’s antivirus software for both Windows (Intego Antivirus for Windows) and macOS (VirusBarrier X9, included with Intego’s Mac Premium Bundle X9) will protect against and eliminate HermeticWiper malware.

If a macOS version of HermeticWiper is discovered, you can rest assured that Intego will protect against it as well.

How can I learn more?

For additional technical details about the HermeticWiper malware, you can read the U.S. Cybersecurity and Infrastructure Security Agency (CISA)’s full report, which contains additional links to third-party write-ups about the malware.

To stay up to date on all the latest threats, be sure to follow the Intego Mac Podcast, subscribe to our e-mail newsletter, and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on Pinterest Follow Intego on LinkedIn Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 25 years, which has often been featured by major news outlets worldwide. Look for more of Josh's articles at and follow him on X/Twitter, LinkedIn, and Mastodon. View all posts by Joshua Long →