HermeticWiper Malware: How to Protect Against | The Impact on Ukraine & Others
Just before the invasion of Ukraine by Russian forces on February 24th, several cybersecurity companies revealed that a data-wiping malware known as HermeticWiper (covered in the joint CISA/FBI advisory AA22-057A) had been used against a number of Ukrainian organizations.
Leading up to Russia’s unprovoked attack on Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable. The attacks are believed to have been carried out by Russia, although no explicit attribution has been made.
Understanding the Impact
Data-wiping malware intentionally destroys data on the victim’s systems. Unlike other cyberattacks that aim to extort a ransom, exploit a system, exfiltrate data, or otherwise make money, wiper attacks aim to remove or ‘wipe’ data so that it is unrecoverable, leaving the system unable to function properly.
Cybersecurity & Infrastructure Security Agency (CISA) and the FBI also state that further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.
How to Protect Against the Threat
Indicators of Compromise (IOCs) and mitigation steps have been published in a joint Cybersecurity Advisory (CSA) by the U.S. CISA and the FBI to help organizations prevent, detect, and respond to such attacks and increase their cyber resilience.
Actions to Take Today:
Set antivirus and anti-malware programs to conduct regular scans.
Enable strong spam filters to prevent phishing emails from reaching end users.
Filter network traffic.
Update software.
Require multi-factor authentication.
Organizations should also be aware of potential distribution vectors such as enterprise applications, centralized storage devices, and network devices. Threat actors who control these could interface directly with endpoints and compromise multiple hosts at once.
Common strategies include strengthening the areas most exposed to destructive malware: communication flow, access control, monitoring, file distribution, system and application hardening, and recovery and reconstitution planning.
More best practices and planning strategies are offered in the joint CISA/FBI Cybersecurity Advisory (CSA), which is also available as a PDF report.
How Crest Data Can Help
Crest Data has worked with Fortune 500 companies as well as some of the world’s most innovative companies and hottest startups to streamline work processes so teams can perform at their highest level.
Contact us to learn more about our Product Engineering solutions and our broad range of managed and professional services, which encompass solution implementation, building integrations, migration enablement, and health checks, and see how we can help you today.
Resources
Joint CSA: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
Joint CSA: Technical Approaches to Uncovering and Remediating Malicious Activity
Joint CSA: Ongoing Cyber Threats to U.S. Water and Wastewater Systems
CISA and MS-ISAC: Joint Ransomware Guide
CISA webpage: Russia Cyber Threat Overview and Advisories
NIST: Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
NIST: Data Integrity: Recovering from Ransomware and Other Destructive Events
CISA Cyber Hygiene services: CISA offers a range of no-cost services to help critical infrastructure organizations assess, identify, and reduce their exposure to threats, including ransomware. By requesting and leveraging these services, organizations of any size can find ways to reduce their risk and mitigate attack vectors.
Author
Tuan Nguyen
Tuan is a Product Marketing Manager with 8+ years of industry experience at large enterprise technology companies and start-ups. He is passionate about technology marketing and has experience in Cybersecurity, Cloud Security, and Data Center Networking.