
HermeticWiper, analysis of the malware that hit Ukraine

The Kremlin launched an attack on Ukraine in many forms, including cyber warfare. Among the malware that has hit Kyiv since the beginning of the Russian invasion is the data wiper HermeticWiper, which the Qualys research team has analyzed, giving us an idea of how this cyberwar is being fought.

HermeticWiper, Qualys’ analysis of the data wiper that hit Ukraine

According to the researchers of the Qualys Research Team, “The origin of HermeticWiper seems to be closely connected to the beginning of the Russia/Ukraine conflict”. In fact, the data wiper has been distributed since February 23, 2022.

But Moscow reportedly started preparing it much earlier. “The file we analyzed has a timestamp of ‘2021-12-28’. This wiper-ware got this name because the attackers used a code signing certificate issued to ‘Hermetica Digital Ltd’. This goes back to a small video game design company based in Cyprus with no ties to Russia, which claims never to have requested a digital certificate, indicating possible identity theft”.

A code-signing certificate from a legitimate company allows the malware to bypass the antivirus protections of operating systems. But according to Qualys, the wiper was preceded by “exploits that aid in the distribution of malware or by multiple distributed denial-of-service attacks to stop the protection services”. In fact, there have been hundreds of attacks on local government websites in Ukraine. The operation had already been tested in Latvia and Lithuania, and then hit Kyiv a few hours before the invasion.

HermeticWiper’s goal is to destroy a system’s master boot record (MBR). In many cases it uses the ‘Gift’, and once executed it obtains several privileges needed to erase the data on the computer’s disks: SeBackupPrivilege, SeDebugPrivilege and SeLoadDriverPrivilege.

At this point the malware changes some values, blocking various Windows services, which can act as an alarm bell for detection. By changing registry keys, it is then able to delete some files essential for the functioning of the computer.
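One way to turn the two indicators described above (the three privileges and the certificate subject) into a check, as an added example that is not from Qualys or the original article. The record format and field names are assumptions, and the sample events are constructed.

```python
import json
from collections import defaultdict

# Privileges the article says HermeticWiper obtains once executed.
WATCHED_PRIVILEGES = {"SeBackupPrivilege", "SeDebugPrivilege", "SeLoadDriverPrivilege"}
# Certificate subject named in the article.
WATCHED_SIGNER = "Hermetica Digital Ltd"

# Constructed sample records, one JSON object per line (not real telemetry).
# Field names are hypothetical: "enabled" lists privileges a process switched on,
# "signer" is the code-signing subject as an endpoint agent might report it.
SAMPLE_EVENTS = """
{"host": "ws-01", "pid": 4120, "image": "update.exe", "signer": "Hermetica Digital Ltd", "enabled": ["SeBackupPrivilege"]}
{"host": "ws-02", "pid": 880, "image": "backupagent.exe", "signer": "Example Backup Co", "enabled": ["SeBackupPrivilege"]}
{"host": "ws-01", "pid": 4120, "image": "update.exe", "signer": "Hermetica Digital Ltd", "enabled": ["SeDebugPrivilege"]}
this line is truncated and not valid JSON
{"host": "ws-03", "pid": 312, "image": "tool.exe", "signer": null, "enabled": ["SeBackupPrivilege", "SeDebugPrivilege", "SeLoadDriverPrivilege"]}
{"host": "ws-01", "pid": 4120, "image": "update.exe", "signer": "Hermetica Digital Ltd", "enabled": ["SeLoadDriverPrivilege"]}
"""

def find_suspects(lines):
    """Return {(host, pid): [reasons]} for processes matching either indicator."""
    enabled = defaultdict(set)   # privileges accumulated per process across events
    signer = {}                  # last signer value seen per process
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        key = (ev.get("host"), ev.get("pid"))
        enabled[key].update(ev.get("enabled") or [])
        signer[key] = (ev.get("signer") or "").strip().casefold()
    findings = {}
    for key, privs in enabled.items():
        reasons = []
        if WATCHED_PRIVILEGES <= privs:  # the full set, not just one of them
            reasons.append("all watched privileges enabled")
        if signer[key] == WATCHED_SIGNER.casefold():
            reasons.append("signed by watched certificate subject")
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for (host, pid), reasons in find_suspects(SAMPLE_EVENTS.splitlines()).items():
        print(f"{host} pid={pid}: " + "; ".join(reasons))
```

Requiring the full privilege set keeps ordinary backup software, which enables SeBackupPrivilege alone, out of the results.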

You can better understand how to find and block this data wiper by following the instructions provided by Qualys.

Published by
Walker Ronnie
