Wiper

HermeticWiper

First seen: 2022-02 • Status: inactive

HermeticWiper was used by Russia to attack Ukraine right before the invasion. It destroyed data on government and bank computers.

Overview

HermeticWiper was deployed against Ukraine hours before Russia invaded. It abuses legitimate disk management drivers to destroy data.

Also Known As

FoxBlade, DriveSlayer

How It Spreads

  • Pre-positioned access
  • Active Directory compromise

What It Does

  • Corrupts MBR and partition tables
  • Uses legitimate drivers
  • Permanent data destruction

Target Platforms

Windows

Detection Tips

  • Monitor for disk driver abuse
  • Watch for MBR corruption

MITRE ATT&CK Techniques

T1561, T1068

If You're Infected

  1. Data cannot be recovered

Related Malware

IsaacWiper, WhisperGate
