HermeticWiper Malware: How to Protect Against | The Impact on Ukraine & Others

HermeticWiper Malware How to Protect Against The Impact on Ukraine & Others

Just before the invasion of Ukraine by Russian forces on February 24th, various cybersecurity companies revealed that a data wiper attack (AA22-057A) known as HermeticWiper was used against a number of Ukrainian organizations. 

 

Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable. The attacks are believed to be deployed by Russia, although no explicit attribution has been made.

Understanding the Impact

 

A data wiping malware involves intentionally destroying data from the victim. Unlike other cyberattacks which may be used for ransom, exploit, exfiltrate data, or for monetary gain, these types of wiper attacks aim to remove or ‘wipe’ the data so that it is unrecoverable and leaves the system to no longer work properly.

 

Cybersecurity & Infrastructure Security Agency (CISA) and the FBI also state that further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.

 

How to Protect Against the Threat

 

Indicators of Compromise (IOC) and mitigation steps have been provided by the joint Cybersecurity Advisory (CSA) effort of the U.S. CISA and the FBI to help organizations protect themselves and to prevent, detect, respond, and increase cyber resilience.

 

Actions to Take Today:

  • Set antivirus and anti-malware programs to conduct regular scans.
  • Enable strong spam filters to prevent phishing emails from reaching end users.
  • Filter network traffic.
  • Update software.
  • Require multi-factor authentication.
 

Organizations should also be aware of Potential Distribution Vectors such as enterprise applications, centralized storage devices, and network devices. Threat actors could have the capability to interface directly with endpoints and compromise multiple hosts.

 

Some common strategies include strengthening components vulnerable to destructive malware such as Communication Flow, Access Control, Monitoring, File Distribution, System and Application Hardening, and Recovery and Reconstitution Planning.

 

More best practices and planning strategies are offered by an effort between the CISA and the FBI, CSA. Click here for a PDF version of this report.

 

How Crest Data Systems Can Help

 

Crest Data Systems has worked with Fortune 500 companies as well as some of the world’s most innovative companies and hottest startups to streamline work processes so teams can perform at their highest level.

 

Contact us to learn more about our Product Engineering solutions and our broad range of managed and professional services that encompass solution implementation, building integrations, enable migration, health checks, and see how we can help you today.

 

 

Resources