Security company ESET has found several types of wiper malware in Ukrainian systems. Wiper malware is a type of malware that wreaks havoc on a system, then removes itself and erases its tracks. The idea is that researchers will not be able to find the malware or trace it back to a source.
The company previously found HermeticWiper and now it has also found IsaacWiper in Ukrainian systems. ESET states that it does not know exactly how the HermeticWiper enters a system. Once inside, the company sees that the malware is being rolled out across networks via Active Directory.
The wiper renders the system unusable by overwriting data. At the same time, the HermeticRansom ransomware is deployed. The researchers suspect that this is done to hide the wiper’s activities as much as possible.
In addition to the wiper and the ransomware elements, a worm component is also used, which they call HermeticWizard. The worm allows the wiper to spread through the local network and attack even more systems.
The malware thus combines a wiper with ransomware and a worm. So these are very clever attacks.
ESET says it has found the wiper at least five companies.
In addition to the HermeticWiper, ESET has now found another similar type of malware called IsaacWiper. This malware is said to mainly target government institutions in Ukraine.
IsaacWiper’s code seems less advanced than HermeticWiper’s. IsaacWiper is also not known how it enters the systems. However, the malware has been on some systems since October. It wasn’t until February 24 that the malware actually struck.
Origin of malware
ESET says the malware struck hours before the Russian invasion of Ukraine. While it may seem easy to connect these two things, ESET says they don’t have enough evidence to make any public statements about the malware’s origin.
Catch up on more articles here
Follow us on Twitter here