Recently, we have seen several malware campaigns attacking Ukrainian organizations — Operation Bleeding Bear is a recent one of note. Elastic Security researchers recently verified a data wiper malware campaign that is targeting Ukrainian systems. As this malware campaign is new, with more information being uncovered hourly, it is being referred to as HERMETICWIPER.
When engaged on a file system, HERMETICWIPER tampers with the boot process to render a system unusable and unbootable. HERMETICWIPER’s goals are to make the system unbootable and wipe data from the file system. Malware wipers are a common tactic of adversaries. They are mainly designed to wipe the contents of drives and render that drive useless. Read our full article to learn more.
There are several Indicators of Compromise (IoCs) that have been associated with HERMETICWIPER and the Elastic Security solution is able to automatically detect and block this malware. Other security vendors have also verified this malware as well.As this is a rapidly evolving campaign, expect Elastic Security to produce more on this topic. Existing Elastic Security users can access these capabilities within the product. If you’re new to Elastic Security, take a look at our Quick Start guides (bite-sized training videos to get you started quickly) or our free fundamentals training courses. If you want to try the product, you started with a free 14-day trial of Elastic Cloud.